From: Muchun Song
Date: Sun, 27 Mar 2022 13:27:17 +0800
Subject: Re: [syzbot] general protection fault in list_lru_add
To: Linus Torvalds
Cc: syzbot, Andrew Morton, LKML, Linux Memory Management List, syzkaller-bugs

On Sat, Mar 26, 2022 at 4:29 AM Linus Torvalds wrote:
>
> On Fri, Mar 25, 2022 at 2:52 AM Muchun Song wrote:
> >
> > We can see that we put the dentry (ffff88807ebda0f8) into
> > the list_lru (ffff888011bd47f0). But we do not allocate struct
> > list_lru_one for the memcg (ffff88801c530000). Then it panics.
>
> Hmm.
>
> Looking at memcg_slab_pre_alloc_hook(), I note that it will return
> success without doing the LRU checking for several cases.
>
> So since you can reproduce the problem, I would suggest you add some
> debug code to __d_alloc() that prints out something big if it gets a
> dentry but you can't look up the list_lru_one() for that dentry.
>
> Hmm?
>
> The only other situation I can think of is if dentry->d_sb were to
> change during the dentry lifetime, but I don't think that can happen.
> The only assignment I can find with "git grep" is that
>
>     dentry->d_sb = sb;
>
> in __d_alloc(), and while it's possible my grep pattern was bogus, it
> sounds unlikely.
>

I have found the root cause, it was caused by kfence. Here is the
fix patch [1].

[1] https://lore.kernel.org/all/20220327051853.57647-1-songmuchun@bytedance.com/

Thanks.