Date: Mon, 23 Oct 2023 13:21:58 -0700 (PDT)
From: Hugh Dickins
To: "Liam R. Howlett", Hugh Dickins, akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, postmaster@duagon.onmicrosoft.com, syzkaller-bugs@googlegroups.com, syzbot
Subject: Re: [syzbot] [mm?] WARNING: suspicious RCU usage in mas_walk (3)
In-Reply-To: <20231023175519.4jtszivgfidn6p6j@revolver>
Message-ID: <2e63bcad-f283-f13c-505a-add6e87d69a8@google.com>

On Mon, 23 Oct 2023, Liam R. Howlett wrote:
> * syzbot [231023 13:24]:
> > syzbot has found a reproducer for the following issue on:
> >
> > HEAD commit: e8361b005d7c Add linux-next specific files for 20231023
> > git tree: linux-next
> > console output: https://syzkaller.appspot.com/x/log.txt?x=1207cb05680000
> > kernel config: https://syzkaller.appspot.com/x/.config?x=75e8fc3570ec9a74
> > dashboard link: https://syzkaller.appspot.com/bug?extid=79fcba037b6df73756d3
> > compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=107fab89680000
> >
> > Downloadable assets:
> > disk image: https://storage.googleapis.com/syzbot-assets/e28a7944599e/disk-e8361b00.raw.xz
> > vmlinux: https://storage.googleapis.com/syzbot-assets/7dd355dbe055/vmlinux-e8361b00.xz
> > kernel image: https://storage.googleapis.com/syzbot-assets/7b2a9050635d/bzImage-e8361b00.xz
> >
> > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > Reported-by: syzbot+79fcba037b6df73756d3@syzkaller.appspotmail.com
> >
> > =============================
> > WARNING: suspicious RCU usage
> > 6.6.0-rc6-next-20231023-syzkaller #0 Not tainted
> > -----------------------------
> > lib/maple_tree.c:856 suspicious rcu_dereference_check() usage!
> >
> > other info that might help us debug this:
> >
> >
> > rcu_scheduler_active = 2, debug_locks = 1
> > no locks held by syz-executor.4/5222.
> >
> > stack backtrace:
> > CPU: 0 PID: 5222 Comm: syz-executor.4 Not tainted 6.6.0-rc6-next-20231023-syzkaller #0
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
> > Call Trace:
> >
> >  __dump_stack lib/dump_stack.c:88 [inline]
> >  dump_stack_lvl+0x125/0x1b0 lib/dump_stack.c:106
> >  lockdep_rcu_suspicious+0x20b/0x3a0 kernel/locking/lockdep.c:6711
> >  mas_root lib/maple_tree.c:856 [inline]
> >  mas_root lib/maple_tree.c:854 [inline]
> >  mas_start lib/maple_tree.c:1385 [inline]
> >  mas_state_walk lib/maple_tree.c:3705 [inline]
> >  mas_walk+0x4d1/0x7d0 lib/maple_tree.c:4888
> >  mas_find_setup lib/maple_tree.c:5948 [inline]
> >  mas_find+0x1e6/0x400 lib/maple_tree.c:5989
> >  vma_find include/linux/mm.h:952 [inline]
> >  do_mbind+0xc8f/0x1010 mm/mempolicy.c:1328
>
> Hugh,
>
> 41de65c4cd27 ("mempolicy: mmap_lock is not needed while migrating
> folios") changes the do_mbind() code locking here to drop the mmap write
> lock on line 1300 in e8361b005d7c.

Thanks Liam: yes, this is a good helpful find by syzbot.

The "mmap_lock is not needed while migrating folios" patch was and is
good, but the "attempt to match interleave nodes" patch on top of that
then broke it, by adding a vma search after the mmap_lock drop point.

>
> This is an issue as it opens the VMA (maple) tree to being updated, but
> you then re-walk the tree later. If this is okay, then you can add an
> rcu_read_lock()/rcu_read_unlock() to iterate over the VMAs so it is
> safe (around 1327/1332, respectively).

Oh, that's a nice suggestion, thanks. My first inclination was to move
the mmap_write_unlock() down, but perhaps the RCU way would be neater.
Perhaps, but perhaps not: I'll think more and send a fix patch later in
the day.

>
> I'm not entirely sure why this is safe to do without the mmap write
> lock, but considering the change log it seems you have thought through
> it. I'm just not sure what is going to stop the VMAs from being split
> or such by a ref count on the memory policy (or if it matters if they
> are)?

Nothing stops those VMAs from being split or unmapped or remapped or
re-mbinded or whatever while doing the migrate_pages(&pagelist).

But those changes to the VMAs do not affect the work defined for
migrate_pages(&pagelist) at all (they may make that work redundant,
but such cases would be rare in real-life workloads).

Previously, the VMAs were required to choose the migrate-to nodes;
but now that choice depends only on the refcounted mpols.

Hugh
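
The locking orderings discussed in this thread, as a constructed userspace C model added here; it is not kernel code and not from the thread's authors or any patch. `model_mm`, `model_vma_find` and `model_do_mbind` are hypothetical stand-ins, and the check in `model_tree_root` is a simplified assumption of what the lockdep-backed tree access verifies.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed userspace model: every name here is a hypothetical stand-in,
 * not kernel code. It only mirrors the locking order discussed above. */
struct model_mm {
    bool mmap_lock_held;  /* stands in for holding mmap_lock */
    int rcu_depth;        /* stands in for rcu_read_lock() nesting */
    int warnings;         /* "suspicious RCU usage" reports raised */
    int vma_start[4];     /* stands in for the VMA (maple) tree */
};
enum model_fix { FIX_NONE, FIX_RCU, FIX_MOVE_UNLOCK };

/* Simplified form of the check behind the splat: reading the tree root is
 * only legitimate with the lock held or inside an RCU read-side section. */
static const int *model_tree_root(struct model_mm *mm)
{
    if (!mm->mmap_lock_held && mm->rcu_depth == 0)
        mm->warnings++;   /* lockdep would report "no locks held by ..." */
    return mm->vma_start;
}

static int model_vma_find(struct model_mm *mm, int addr)
{
    const int *root = model_tree_root(mm);
    for (int i = 0; i < 4; i++)
        if (root[i] >= addr)
            return root[i];
    return -1;
}

/* Returns the number of warnings raised for the chosen ordering. */
static int model_do_mbind(enum model_fix fix)
{
    struct model_mm mm = { .mmap_lock_held = true, .vma_start = { 10, 20, 30, 40 } };
    if (fix != FIX_MOVE_UNLOCK)
        mm.mmap_lock_held = false;      /* lock dropped before the search */
    mm.rcu_depth += (fix == FIX_RCU);   /* rcu_read_lock() around the walk */
    (void)model_vma_find(&mm, 25);      /* the vma search after the drop point */
    mm.rcu_depth -= (fix == FIX_RCU);   /* rcu_read_unlock() */
    mm.mmap_lock_held = false;          /* FIX_MOVE_UNLOCK: unlock only now */
    return mm.warnings;
}

int main(void)
{
    printf("none=%d rcu=%d move=%d\n", model_do_mbind(FIX_NONE),
           model_do_mbind(FIX_RCU), model_do_mbind(FIX_MOVE_UNLOCK));
    return 0;
}
```

Only the ordering with neither the lock nor an RCU read-side section around the search raises the warning in this model.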