From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id C0F5FE7716A for ; Sun, 15 Dec 2024 17:45:21 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 11D066B007B; Sun, 15 Dec 2024 12:45:21 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 0CDAF6B0083; Sun, 15 Dec 2024 12:45:21 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id EAFD16B0085; Sun, 15 Dec 2024 12:45:20 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id CD1386B007B for ; Sun, 15 Dec 2024 12:45:20 -0500 (EST) Received: from smtpin18.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 4A49A160968 for ; Sun, 15 Dec 2024 17:45:20 +0000 (UTC) X-FDA: 82897919370.18.2B086CF Received: from mail-lj1-f176.google.com (mail-lj1-f176.google.com [209.85.208.176]) by imf30.hostedemail.com (Postfix) with ESMTP id 4EFB280008 for ; Sun, 15 Dec 2024 17:44:24 +0000 (UTC) Authentication-Results: imf30.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=CV6oTcYA; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf30.hostedemail.com: domain of ryncsn@gmail.com designates 209.85.208.176 as permitted sender) smtp.mailfrom=ryncsn@gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1734284692; a=rsa-sha256; cv=none; b=SYBvIFiwTxsW+bpPLBahQSr9yR1bpLBzYyaFlEk1M7I+Im3hP0do6R9yuN1k/r0oYdbjws SYUtICgO4L8/2oGh58PQi3oF9RGPAeETF9ZNWdhMhygHK/y5Q0ij1QkdHYcIl9w5Q0dhYq BjzkIT86SnIZldP1LTR7WAjmbpYwNNM= ARC-Authentication-Results: i=1; imf30.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=CV6oTcYA; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf30.hostedemail.com: domain of ryncsn@gmail.com designates 209.85.208.176 as permitted sender) smtp.mailfrom=ryncsn@gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1734284692; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Nt3sFJ2YwyDDoijqRM7kKUa1eqBnIjat5IAF1bGVZLU=; b=kj3SmzsNBd4Ne4IjVAXUQ1NgzuF0IxMmASyoMd7gcbz0caP77kVgM/HxZGnkQIjQWbGFps WSQ7Ne6P9UpIqWscVt5yjQDRXUjycgSW2q6XdON5My9tZEvgYdEC+d4CfvwluzoF+rceuK U+blSkjmgt1/Q1LgrG/novPwdA/vlGg= Received: by mail-lj1-f176.google.com with SMTP id 38308e7fff4ca-30167f4c1deso29618251fa.1 for ; Sun, 15 Dec 2024 09:45:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1734284716; x=1734889516; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=Nt3sFJ2YwyDDoijqRM7kKUa1eqBnIjat5IAF1bGVZLU=; b=CV6oTcYAJ2XVyOsU8aOR4ZDNGs15x4iDDQ05OtjdA2IXwbr1PaMeofwj0ozjWSepds eN8Su7NwlnwkuvXNwNP04T34e09ztIkIt80mvVpFixJL7f6w0S0EuWK6yYU1FQh3bypp e0PUORKHCKEfVTmhGHpan1hksJwI/rSyTkwJdVASzDLr3P3UkcWuJSBM+c3WI27OZZHW 1XrYqMF8T8LXlMOaDAxq88sAQBP6fTl6AzO5msqrj+99wlk6Counh5GGdOsfPHd96mWk AuHHFkPlFUY+DQESxg8VHigC70H0bsLFd8G7+o69bT/PgUB1oV8HHR23VVF7H6tZASEA 0O3g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734284716; x=1734889516; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Nt3sFJ2YwyDDoijqRM7kKUa1eqBnIjat5IAF1bGVZLU=; b=kVyN4lQ+kA56omeBlW234CJm90YaUGgHzBzpUzZLT6E7EnMtAGNpc6VxeGQuCU7lAM jYNqhGFQfhipYawOLbJourr0btu6n1kKYMqbwij7HfvHEO1aTXJyu5xUHhCwNMMjo6HS 7URkh3DBUe/fgH01g8P3eiag81wZoG/UlX/Sxof4PsV6JqDUKwm4jWflvMg7wfBPZmj3 ntEvRz+bQ1zAO0Bq+Rkt/BAgDfUEvhjLV192nrCKfnGTbJazYvxQ/PfzK/U4UxNLKWpn VyIrpwA8AizeNQ6dieP1jfpf6ETpJVZfHIek49q7/la3gVpp2iha2SPEurU4Bqu2rAEo /jMg== X-Forwarded-Encrypted: i=1; AJvYcCW09iii9iJNf6BeP4nt6iHeVcg2A4VDl3sYdQh+OCNvmtphmGEF+gDS18NMgLGqKUzHqRxBB2xBTg==@kvack.org X-Gm-Message-State: AOJu0YwiHDsB4wtrLlACQ4fiQTRtqFlsIYBvbvTuMfJJ5ymobD1oOpPm 3vd48s/iDnyEs41/r53J3qB7ZVX2fztP1dhgTCILZ6EYu2nSp8bAgc7JYntkPVCd23TxDjoizbR iNip5kQih+tql3Z491CHg4+TUvm8= X-Gm-Gg: ASbGncufMG7G9U2XLDfvCP5i52VlYK5xSwlYXu2mzGl8vHcyry8vfnEsgMg5C83SfhA 3hzrxNaBgGQzyf3HeVAAfQFxdLWVHSfGxSrFrvg== X-Google-Smtp-Source: AGHT+IF9TZ4Pquu8owW3tNIOK/yAP76k+W7o0bcjGl1I6RHMTB5K56PKol0eBytOW7zCq9kaxAbRTVpb4KrgBwzOyy4= X-Received: by 2002:a05:651c:2116:b0:2ff:a89b:4210 with SMTP id 38308e7fff4ca-302544264d6mr36440991fa.8.1734284716123; Sun, 15 Dec 2024 09:45:16 -0800 (PST) MIME-Version: 1.0 References: <675d01e9.050a0220.37aaf.00be.GAE@google.com> In-Reply-To: From: Kairui Song Date: Mon, 16 Dec 2024 01:44:59 +0800 Message-ID: Subject: Re: [syzbot] [mm?] WARNING in lock_list_lru_of_memcg To: syzkaller-bugs@googlegroups.com Cc: Yu Zhao , syzbot , akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: 4EFB280008 X-Stat-Signature: 1qwgc7zq7a5xtus96bfyxkcz5f4e4ej7 X-Rspam-User: X-HE-Tag: 1734284664-408974 X-HE-Meta: U2FsdGVkX198K3pjPV9nnXMwCakOF+czEgoHMhoWAtCCgxhk7s9FRrR+IZuf+cWsky17d9APQ6EutN8iMrQgvd9vyORRy/bF4dPPKmwAvekB4lreDUBXxLbHqM7/t9FphmuJVND/A0tUDHg5DK+tuxAq4KiQk8UBsXXF4ygjfFlp1Rg/wkOkq0TRe0Tyi+vfijfF/fbpQKGQi9lrxevoshxqhX3kuh4sbZLNpzXXyvz/GJIX2rLMhumbbM9qmdzJQqdAqtd13L4TkxtaMYoVBk5eVvp84TclJvE9So8oQzgDyhTuDJ7xQH6WIcWhdTNxPbPqmEqOeXWtHLVA6NcdDHw2lTawy9U2cFucYaQHmCSOj7sqxJUUn6yO33DO1mqm1lckeP7jhdQvscKJbh5UhhcX96VqV60EfOBXpTAPVUezNlE0qxp83vxKKE67gWWFERiMuY8Yte2qJPtPf4WSlG4ck4hFiiyxL0bV+IqyacHPT4pQ1HeiiiHqc6HPgmY9JMn7VEDbo3hOc0HMUMX8q123a0yNBW46VO6yFOe4DX+qQxyBhJrKdsCRz12cZ2E0sodquOfjPZKHV5l9jdtCcaiTpE+Vip7OTmYm0XqdKnM/9WQeVpKPcezCa0XTybaG0Tj8+ApYQKn3ELUMm8X4ms7eU1dPLeV7VWARFd7wue8eh7fHoIUJBy1e9QsYpZpvbxA3jPtbye0H+Ogx9h2rK5lQpx4+9CH9zergYAh+ZAWdzUBetaIyHeqTZp8PR5hNIpLd/7nXMivAyR9e52SsSz6EDS+xlf/uxbWIa72fG59lTzfQUrD8zfLq8wL7d/6RI+GSKsHf4213vz9MVwWJUlwYUUQbiq4NHIRZyTl2n09e1Gt+iZcH74H1544exy0jF/V0ctzPQ0YW1UJS/uaYHPVVVZp5Yk4AKKGihJ4gpl5nvm9Oqszkc48cwaAHuVmLs849Jlie845WDukYDi+ iU/6ghuP 27TeAHsJzyMnK8UmEYtzYtbX7TzGfvl7UgyTI6fH8PYYe1orMxf23NQMqIME1P7I4JLKmoCSTlP2Asr1A0s43qSk9OANbXq/WwPtqyzoEmiL4nNyWCnDzRO+qjC1Xe9ew0X6r8yM385Eg1VrUQmslwmO9INDp6pn44h0xaUCtHvFWOM4JPzcbk2QvhDiPGxWKGAKfcLzV83++B9TItbGc377lFyiHW70mUTox54Sxpn7py3SE+jS28MKYhwAhH6hcyl7ddVSAl1wp/A4iq6WS61KMh+jjyCAa7ZvEBO1c39P5igKUmCYrMOWeatkW/3wtT7q3xu4nAaUz0i1a8KxiTTKxUoLVwG4s3L6OZmclfNlwsufaVAw2gtrYDbw5BPk8uTkZb5GyV9EGUKQk+6hG0TGS6KuHX3NL+L6HZY/G/9PrWfBP2o4DPKes9/z8ez83ZRDLaeFiGUd/xfrvooCowmWjXo1iCMxetufW38MLH6q0ez7f9Jk0NVMGTxPEuWPOef0i/ETFtvFz9IRSxfCFWStKKGMctP2ndl2+Cqpikl3QwZGSwiXuxThtf1DWK2mEHGitEgf2aAGRUj6ovT3mRp79a5TSrTZAkDBCn3sqoiCdtLie24wWKV6Q/jgs3gyZh5mmFZ0wFfe6eewoMBo3b/MQbsZHI0iaJEvWQ9RBHRYCbtIjUYVeaEusLRfgmMQPNZpex52o+axIumOaH6q8sUvn1tjtpz2PjViSOzqVMs/HIFC5ENnCoujWFJX3EkTVz8EwL9CTWftDFh2Qlfd42UK+t7EgZ/+a4s8nNjMXZw3mE3vdDRmLbmxIq1Fa++nh+dPZ7nld04mFsulOS8gG4mJuE7tm5lNC/9Y3lAKBpuj34AT1vjtd5LEPKNC1X1EMCxK/14Ry1+dz97DHQItj25tOmFkpft5dNTf79JznlEm8YwTkMBuXEvh/XbtyUtsmxnVCUH2hw5KXxT9dGvi20YnaozhL wmbFeyxm fh6qd4bbR24n6JxbCi7T3dLRpDFk7zGF09dOZz+1/lo= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Sun, Dec 15, 2024 at 3:43=E2=80=AFAM Kairui Song wrot= e: > > On Sat, Dec 14, 2024 at 2:06=E2=80=AFPM Yu Zhao wrote= : > > > > On Fri, Dec 13, 2024 at 8:56=E2=80=AFPM syzbot > > wrote: > > > > > > Hello, > > > > > > syzbot found the following issue on: > > > > > > HEAD commit: 7cb1b4663150 Merge tag 'locking_urgent_for_v6.13_rc3'= of g.. > > > git tree: upstream > > > console output: https://syzkaller.appspot.com/x/log.txt?x=3D16e96b305= 80000 > > > kernel config: https://syzkaller.appspot.com/x/.config?x=3Dfee25f936= 65c89ac > > > dashboard link: https://syzkaller.appspot.com/bug?extid=3D38a0cbd267e= ff2d286ff > > > compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for= Debian) 2.40 > > > > > > Unfortunately, I don't have any reproducer for this issue yet. > > > > > > Downloadable assets: > > > disk image (non-bootable): https://storage.googleapis.com/syzbot-asse= ts/7feb34a89c2a/non_bootable_disk-7cb1b466.raw.xz > > > vmlinux: https://storage.googleapis.com/syzbot-assets/13e083329dab/vm= linux-7cb1b466.xz > > > kernel image: https://storage.googleapis.com/syzbot-assets/fe3847d085= 13/bzImage-7cb1b466.xz > > > > > > IMPORTANT: if you fix the issue, please add the following tag to the = commit: > > > Reported-by: syzbot+38a0cbd267eff2d286ff@syzkaller.appspotmail.com > > > > > > ------------[ cut here ]------------ > > > WARNING: CPU: 0 PID: 80 at mm/list_lru.c:97 lock_list_lru_of_memcg+0x= 395/0x4e0 mm/list_lru.c:97 > > > Modules linked in: > > > CPU: 0 UID: 0 PID: 80 Comm: kswapd0 Not tainted 6.13.0-rc2-syzkaller-= 00018-g7cb1b4663150 #0 > > > Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debia= n-1.16.3-2~bpo12+1 04/01/2014 > > > RIP: 0010:lock_list_lru_of_memcg+0x395/0x4e0 mm/list_lru.c:97 > > > Code: e9 22 fe ff ff e8 9b cc b6 ff 4c 8b 7c 24 10 45 84 f6 0f 84 40 = ff ff ff e9 37 01 00 00 e8 83 cc b6 ff eb 05 e8 7c cc b6 ff 90 <0f> 0b 90 e= b 97 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 7a fd ff ff 48 > > > RSP: 0018:ffffc9000105e798 EFLAGS: 00010093 > > > RAX: ffffffff81e891c4 RBX: 0000000000000000 RCX: ffff88801f53a440 > > > RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 > > > RBP: ffff888042e70054 R08: ffffffff81e89156 R09: 1ffffffff2032cae > > > R10: dffffc0000000000 R11: fffffbfff2032caf R12: ffffffff81e88e5e > > > R13: ffffffff9a3feb20 R14: 0000000000000000 R15: ffff888042e70000 > > > FS: 0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:000000000= 0000000 > > > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > > > CR2: 0000000020161000 CR3: 0000000032d12000 CR4: 0000000000352ef0 > > > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > > > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > > > Call Trace: > > > > > > list_lru_add+0x59/0x270 mm/list_lru.c:164 > > > list_lru_add_obj+0x17b/0x250 mm/list_lru.c:187 > > > workingset_update_node+0x1af/0x230 mm/workingset.c:634 > > > xas_update lib/xarray.c:355 [inline] > > > update_node lib/xarray.c:758 [inline] > > > xas_store+0xb8f/0x1890 lib/xarray.c:845 > > > page_cache_delete mm/filemap.c:149 [inline] > > > __filemap_remove_folio+0x4e9/0x670 mm/filemap.c:232 > > > __remove_mapping+0x86f/0xad0 mm/vmscan.c:791 > > > shrink_folio_list+0x30a6/0x5ca0 mm/vmscan.c:1467 > > > evict_folios+0x3c86/0x5800 mm/vmscan.c:4593 > > > try_to_shrink_lruvec+0x9a6/0xc70 mm/vmscan.c:4789 > > > shrink_one+0x3b9/0x850 mm/vmscan.c:4834 > > > shrink_many mm/vmscan.c:4897 [inline] > > > lru_gen_shrink_node mm/vmscan.c:4975 [inline] > > > shrink_node+0x37c5/0x3e50 mm/vmscan.c:5956 > > > kswapd_shrink_node mm/vmscan.c:6785 [inline] > > > balance_pgdat mm/vmscan.c:6977 [inline] > > > kswapd+0x1ca9/0x36f0 mm/vmscan.c:7246 > > > kthread+0x2f0/0x390 kernel/kthread.c:389 > > > ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 > > > ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 > > > > > > > This one seems to be related to "mm/list_lru: split the lock to > > per-cgroup scope". > > > > Kairui, can you please take a look? Thanks. > > Thanks for pinging, yes that's a new sanity check added by me. > > Which is supposed to mean, a list_lru is being reparented while the > memcg it belongs to isn't dying. > > More concretely, list_lru is marked dead by memcg_offline_kmem -> > memcg_reparent_list_lrus, if the function is called for one memcg, but > now the memcg is not dying, this WARN triggers. I'm not sure how this > is caused. One possibility is if alloc_shrinker_info() in > mem_cgroup_css_online failed, then memcg_offline_kmem is called early? > Doesn't seem to fit this case though.. Or maybe just sync issues with > the memcg dying flag so the user saw the list_lru dying before seeing > memcg dying? The object might be leaked to the parent cgroup, seems > not too terrible though. > > I'm not sure how to reproduce this. I will keep looking. Managed to boot the image and using the kernel config provided by bot, so far local tests didn't trigger any issue. Is there any way I can reproduce what the bot actually did? Or provide some patch for the bot to test?