From: Muchun Song
Date: Fri, 25 Mar 2022 00:38:50 +0800
Subject: Re: [syzbot] general protection fault in list_lru_add
To: Dmitry Vyukov
Cc: Linus Torvalds, syzbot, Andrew Morton, Linux Kernel Mailing List, Linux-MM, syzkaller-bugs

On Fri, Mar 25, 2022 at 12:18 AM Dmitry Vyukov wrote:
>
> On Thu, 24 Mar 2022 at 17:13, Muchun Song wrote:
> >
> > On Thu, Mar 24, 2022 at 4:50 PM Dmitry Vyukov wrote:
> > >
> > > On Thu, 24 Mar 2022 at 09:44, Muchun Song wrote:
> > > >
> > > > On Thu, Mar 24, 2022 at 11:05 AM Linus Torvalds
> > > > wrote:
> > > > >
> > > > > On Wed, Mar 23, 2022 at 7:19 PM Muchun Song wrote:
> > > > > >
> > > > > > After this commit, the rules of dentry allocations changed.
> > > > > > The dentry should be allocated by kmem_cache_alloc_lru()
> > > > >
> > > > > Yeah, I looked at that, but I can't find any way there could be other
> > > > > allocations - not only are there strict rules how to initialize
> > > > > everything, but the dentries are free'd using
> > > > >
> > > > >     kmem_cache_free(dentry_cache, dentry);
> > > > >
> > > > > and as a result if they were allocated any other way I would expect
> > > > > things would go south very quickly.
> > > > >
> > > > > The only other thing I could come up with is some breakage in the
> > > > > superblock lifetime so that &dentry->d_sb->s_dentry_lru would have
> > > > > problems, but again, this is *such* core code and not some unusual
> > > > > path, that I would be very very surprised if it wouldn't have
> > > > > triggered other issues long long ago.
> > > > >
> > > > > That's why I'd be more inclined to worry about the list_lru code being
> > > > > somehow broken.
> > > > >
> > > >
> > > > I also have the same concern. I have been trying for a few hours to
> > > > reproduce this issue, but it didn't oops on my test machine. And I'll
> > > > continue reproducing this.
> > >
> > > syzbot triggered it 222 times in a day, so it's most likely real:
> > > https://syzkaller.appspot.com/bug?extid=f8c45ccc7d5d45fc5965
> > >
> > > There are 2 reproducers, but they look completely different. May be a race.
> > > You may also try to use syzbot's patch testing feature to get some
> > > additional debug info.
> >
> > Do you know how to tell the syzbot to test the following patch?
> > I found some info from GitHub, it says "#syz test:", is it like the following?
> > Thanks.
> >
> > #syz test: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
> > master
>
> Yes, this is correct. You can now see the request listed here:
> https://syzkaller.appspot.com/bug?extid=f8c45ccc7d5d45fc5965
>

Cool!

> but the patch was truncated (probably your email client messed up
> whitespace). In such a case it's more reliable to attach the patch as
> a text file.

Thanks for your reminder.

#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git 5abc1e37afa0335c52608d640fd30910b2eeda21

[Attachment: test.patch]