linux-mm.kvack.org archive mirror
From: Matthew Wilcox <willy@infradead.org>
To: Hugh Dickins <hughd@google.com>
Cc: linux-arm-kernel@lists.infradead.org, akpm@linux-foundation.org,
	linux-kernel@vger.kernel.org, linux-mm@kvack.org,
	syzkaller-bugs@googlegroups.com, jose.pekkarinen@foxhound.fi
Subject: Re: [syzbot] [mm?] BUG: unable to handle kernel paging request in __pte_offset_map_lock
Date: Wed, 15 Nov 2023 19:39:06 +0000
Message-ID: <ZVUeWvO4ypVmqlyX@casper.infradead.org>
In-Reply-To: <b66659e9-a59e-fdf9-904c-ec25395b97ef@google.com>

On Thu, Oct 26, 2023 at 11:07:35PM -0700, Hugh Dickins wrote:
> I've spent a while worrying over this report, but have not been able
> to glean much from it: I'm not at all familiar with arm64 debugging, so
> cannot deduce anything from the registers shown, though suspect they
> would shed good light on it; but it may just be a waste of time, since
> it was on a transient 6.6-rc6-based for-kernelci branch from last week.
> 
> If I read right, the reproducer is exercising MADV_PAGEOUT (splitting
> huge pages) and MADV_COLLAPSE (assembling huge pages), on mmaps
> MAP_FIXED MAP_SHARED MAP_ANONYMOUS i.e. shmem.
> 
> Suspicion falls on my 6.6-rc1 mm/khugepaged.c changes; but I don't see
> what's wrong, and shall probably give up and ignore this - unless an
> arm64 expert can take it further, or syzbot reproduces it on x86 on a
> known tree.

Just to tie the two threads together ... it looks to me like what's
happening is __pte_offset_map_lock() is racing with pagetable_pte_dtor().
That is, we're walking the page tables, find a pmd, look up its
page/ptdesc, but because CONFIG_LOCKDEP is enabled, ptdesc->ptl is a
pointer to a lock, and that pointer is NULL.

More discussion here:
https://lore.kernel.org/linux-mm/ZVUWLgFgu+jE3QmW@casper.infradead.org/T/#t

