From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.2 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,UNPARSEABLE_RELAY,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C8013C10F27 for ; Mon, 9 Mar 2020 09:56:19 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 93BCE20674 for ; Mon, 9 Mar 2020 09:56:19 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 93BCE20674 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linux.alibaba.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 32BC36B0003; Mon, 9 Mar 2020 05:56:19 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 2D9756B0006; Mon, 9 Mar 2020 05:56:19 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1F0B36B0007; Mon, 9 Mar 2020 05:56:19 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0175.hostedemail.com [216.40.44.175]) by kanga.kvack.org (Postfix) with ESMTP id 042856B0003 for ; Mon, 9 Mar 2020 05:56:18 -0400 (EDT) Received: from smtpin10.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay03.hostedemail.com (Postfix) with ESMTP id B04648248047 for ; Mon, 9 Mar 2020 09:56:18 +0000 (UTC) X-FDA: 76575368436.10.roof98_711e4b337703a X-HE-Tag: roof98_711e4b337703a X-Filterd-Recvd-Size: 3801 Received: from out30-44.freemail.mail.aliyun.com (out30-44.freemail.mail.aliyun.com [115.124.30.44]) by imf19.hostedemail.com (Postfix) with ESMTP for ; Mon, 9 Mar 2020 09:56:16 +0000 (UTC) X-Alimail-AntiSpam:AC=PASS;BC=-1|-1;BR=01201311R181e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=e01f04397;MF=alex.shi@linux.alibaba.com;NM=1;PH=DS;RN=10;SR=0;TI=SMTPD_---0Ts5Rsuh_1583747765; Received: from IT-FVFX43SYHV2H.local(mailfrom:alex.shi@linux.alibaba.com fp:SMTPD_---0Ts5Rsuh_1583747765) by smtp.aliyun-inc.com(127.0.0.1); Mon, 09 Mar 2020 17:56:06 +0800 Subject: Re: linux-next test error: BUG: using __this_cpu_read() in preemptible code in __mod_memcg_state To: "Kirill A. Shutemov" , syzbot Cc: akpm@linux-foundation.org, cgroups@vger.kernel.org, hannes@cmpxchg.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, mhocko@kernel.org, syzkaller-bugs@googlegroups.com, vdavydov.dev@gmail.com References: <00000000000022640205a04a20d8@google.com> <20200309092423.2ww3aw6yfyce7yty@box> From: Alex Shi Message-ID: <5b1196be-09ce-51f7-f5e7-63f2e597f91e@linux.alibaba.com> Date: Mon, 9 Mar 2020 17:56:04 +0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Thunderbird/68.4.1 MIME-Version: 1.0 In-Reply-To: <20200309092423.2ww3aw6yfyce7yty@box> Content-Type: text/plain; charset=gbk Content-Transfer-Encoding: quoted-printable X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: =D4=DA 2020/3/9 =CF=C2=CE=E75:24, Kirill A. Shutemov =D0=B4=B5=C0: >> check_preemption_disabled: 3 callbacks suppressed >> BUG: using __this_cpu_read() in preemptible [00000000] code: syz-fuzze= r/9432 >> caller is __mod_memcg_state+0x27/0x1a0 mm/memcontrol.c:689 >> CPU: 1 PID: 9432 Comm: syz-fuzzer Not tainted 5.6.0-rc4-next-20200306-= syzkaller #0 >> Hardware name: Google Google Compute Engine/Google Compute Engine, BIO= S Google 01/01/2011 >> Call Trace: >> __dump_stack lib/dump_stack.c:77 [inline] >> dump_stack+0x188/0x20d lib/dump_stack.c:118 >> check_preemption_disabled lib/smp_processor_id.c:47 [inline] >> __this_cpu_preempt_check.cold+0x84/0x90 lib/smp_processor_id.c:64 >> __mod_memcg_state+0x27/0x1a0 mm/memcontrol.c:689 >> __split_huge_page mm/huge_memory.c:2575 [inline] >> split_huge_page_to_list+0x124b/0x3380 mm/huge_memory.c:2862 >> split_huge_page include/linux/huge_mm.h:167 [inline] > It looks like a regression due to c8cba0cc2a80 ("mm/thp: narrow lru > locking"). yes, I guess so. In this patch, I am very bold to move the lru unlock from before=20 'remap_page(head);' up to before 'ClearPageCompound(head);' which is often checked in lrulock. I want to know which part that real should stay in lru_lock.=20 So revert this patch or move it back or move after ClearPageCompound should fix this problem.=20 In the weekend and today, I tried a lot to reproduce this bug on my 2 machines, but still can't. :~( Many thanks to give a try! Thank Alex=20 line 2605 mm/huge_memory.c: spin_unlock_irqrestore(&pgdat->lru_lock, flags); ClearPageCompound(head); split_page_owner(head, HPAGE_PMD_ORDER); /* See comment in __split_huge_page_tail() */ if (PageAnon(head)) { /* Additional pin to swap cache */ if (PageSwapCache(head)) { page_ref_add(head, 2); xa_unlock(&swap_cache->i_pages); } else { page_ref_inc(head); } } else { /* Additional pin to page cache */ page_ref_add(head, 2); xa_unlock(&head->mapping->i_pages); } remap_page(head);