From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D01B3C433EF for ; Thu, 24 Mar 2022 02:19:36 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 594D56B0072; Wed, 23 Mar 2022 22:19:36 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 544A46B0073; Wed, 23 Mar 2022 22:19:36 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 40C2D6B0074; Wed, 23 Mar 2022 22:19:36 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0108.hostedemail.com [216.40.44.108]) by kanga.kvack.org (Postfix) with ESMTP id 2D3876B0072 for ; Wed, 23 Mar 2022 22:19:36 -0400 (EDT) Received: from smtpin17.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay03.hostedemail.com (Postfix) with ESMTP id D0FB38249980 for ; Thu, 24 Mar 2022 02:19:35 +0000 (UTC) X-FDA: 79277673510.17.D30AECC Received: from mail-yw1-f174.google.com (mail-yw1-f174.google.com [209.85.128.174]) by imf15.hostedemail.com (Postfix) with ESMTP id BA2BDA0011 for ; Thu, 24 Mar 2022 02:19:34 +0000 (UTC) Received: by mail-yw1-f174.google.com with SMTP id 00721157ae682-2db2add4516so37563847b3.1 for ; Wed, 23 Mar 2022 19:19:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=IwQumeVhitVTx1gzhu5Yibhw++mrfhREWTZTV9Nodsg=; b=ZPif13Uq9RKZbjZ4VM4PpzdmB9hHh2C4RXgHMIiiqDJH5eRg8DG3jYVz2lOygH/Qz4 OaUfBGP8ZFuq1XLo9c9w4gcQ8n5hpMHvhfFKz9bB9/TSLyAuqiPsVLAbECiN4sLUrcmK +4J+hEi5KM8JmBDbPXDqj26CXkCeqIKv3aAzkEF0WlZwH4G6O3J8S45wh+xUx6rx2WCz qbW4cjzuY+PHqv2TVOq8+Jnftmk5VdjWo+BULIq5Z31C/C1K/MgMkMNQc5u8Pq+hJd1A EdllO3ZOLVD48b5782osvvbyLzVIIH+XGD97ZBr2TiGLHS9JGQXXG/BVxPEA/H0oCDn6 9eDA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=IwQumeVhitVTx1gzhu5Yibhw++mrfhREWTZTV9Nodsg=; b=lJXYHMaISJTz4yRnWLQf/Mu8O94CV8wJgP6ZR2w1/cga46hHAL/I3j440APt5WNzPj PuKQyPT1/wWp5YuNxCFpOasSCA116J+8V/gNVn823YR6DB2gXN3UC7QToWx5W1Zomlhg vm3QJOTo5BYEJUSyvwkEuYXre/Z4/iTSElCR9XY1EJWGK+jZy9LHhlrIcODrTg/PsDNF FMVhYreQYV3E0WLS4BUoVjGpJmy8HrcmLGaP5/XV5Q+MRnno0WMo2zV6zUM4oURK2Y4b DpPd6SIkzpq/VmftUjgixCzsLhCNTtTdCkWMzvLnAM+HsGJupK2TQ5Aaqb6b9/Y4ewb6 sWQQ== X-Gm-Message-State: AOAM533EOo+4kTR1oMVM3VuGAnd3JS/Dh4liL4PIXxVQOp4CdBJDmvxE OCnHmKL2/SZnZ3Ch8egrKnsFiXBt18HY7MkG0gajVg== X-Google-Smtp-Source: ABdhPJy2h0jw3pY7I5dYmkisgdyu5xSuI4s3EEkqY4Cry3maUl3/XXFbGdG0GhbgeCG8JhFRa9/qcP+PnUAzUu9/Mz4= X-Received: by 2002:a0d:f685:0:b0:2e2:22e6:52d7 with SMTP id g127-20020a0df685000000b002e222e652d7mr2931553ywf.418.1648088373753; Wed, 23 Mar 2022 19:19:33 -0700 (PDT) MIME-Version: 1.0 References: <000000000000cabcb505dae9e577@google.com> In-Reply-To: From: Muchun Song Date: Thu, 24 Mar 2022 10:18:57 +0800 Message-ID: Subject: Re: [syzbot] general protection fault in list_lru_add To: Linus Torvalds Cc: syzbot , Andrew Morton , Linux Kernel Mailing List , Linux-MM , syzkaller-bugs Content-Type: text/plain; charset="UTF-8" X-Stat-Signature: zqwkzctsqmeci6umqd5sz83d67nrugbm Authentication-Results: imf15.hostedemail.com; dkim=pass header.d=bytedance-com.20210112.gappssmtp.com header.s=20210112 header.b=ZPif13Uq; dmarc=pass (policy=none) header.from=bytedance.com; spf=pass (imf15.hostedemail.com: domain of songmuchun@bytedance.com designates 209.85.128.174 as permitted sender) smtp.mailfrom=songmuchun@bytedance.com X-Rspam-User: X-Rspamd-Server: rspam11 X-Rspamd-Queue-Id: BA2BDA0011 X-HE-Tag: 1648088374-175139 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Thu, Mar 24, 2022 at 7:11 AM Linus Torvalds wrote: > > Muchun, > mind taking a look at this asap? This seems like a pretty core thing, > and the fact that it oopses on that Sorry for this. I am looking at this now. > > > RIP: 0010:list_add_tail include/linux/list.h:102 [inline] > > RIP: 0010:list_lru_add+0x277/0x510 mm/list_lru.c:129 > > d_lru_add fs/dcache.c:431 [inline] > > retain_dentry fs/dcache.c:685 [inline] > > dput+0x7a7/0xdb0 fs/dcache.c:908 > > just worries me a lot. > > The dentry lru list rules are odd but not outrageously so. The main > oddity is that the DCACHE_LRU_LIST bit in the dentry flags indicate > whether the dentry is on a LRU list or not. > > And it's not one single list - it can be *either* the usual > sb->lists_dentry_lru list, or the special "shrink list". > > But this oops is for the regular d_lru_add() path that adds the dentry > to the sb->s_dentry_lru list as the dentry count goes down to zero > (and it's not one of the dentries that get insta-free'd). After this commit, the rules of dentry allocations changed. The dentry should be allocated by kmem_cache_alloc_lru() to set up the dentry reclaim context correctly (e.g. allocating its list_lru_one). This issue seems that list_lru_one wasn't allocated, then NULL pointer reference. I'm trying to reproduce this and looking for the root cause. Thanks.