Received: by 2002:ac0:950c:0:0:0:0:0 with SMTP id f12csp3567471imc; Wed, 13 Mar 2019 23:31:42 -0700 (PDT) X-Google-Smtp-Source: APXvYqxZI+H6O+8KVik3+l4m1mXR4EUmumcYblj+eBS6mDu2wS8t4IgTXESmzBLkHfvxLFu3e3Dz X-Received: by 2002:a62:be08:: with SMTP id l8mr47231860pff.162.1552545102667; Wed, 13 Mar 2019 23:31:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1552545102; cv=none; d=google.com; s=arc-20160816; b=VEvuzNeiE3J0ZywBqKetaIh2WLRxciZPEJsm0bwsJx0QejXxc+eJr5qa3si9eb8Cvl 9d/HOD5i0IxFZYvUDG1jP1U8+k7aFAqtac+iNSzhDYeg5rB2bGXLdJ4sf8u4wI1DNtTA vFec3GYVyl4FblN7W9qPhQBUA6O1RWufr3WCa6eGSzmVGkqjJakYLof/0VoJQTEDad7H zn75WKIClR1o9CfOvhd0eKwjgOz/1pKUOoB/mCE1Eb0LRdFsysQS6YSFKk1pCYyzdGou +cCmfKyCW3nm7r3OM0Zl51DrMo4iRoMLJixqM4Qo+uiObIuqTVjMMFBYwYOIwHhqgxXH 8NCA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:content-transfer-encoding :content-id:content-language:accept-language:in-reply-to:references :message-id:date:thread-index:thread-topic:subject:cc:to:from; bh=wyWe5fuc/To6MIjvsTtFPw1WbtprXnI1KTFaAY87j1k=; b=XLSP+EA5v0Ncl4nrjzakbH3ip86xDGUUavlk8oQMlfFBqfnvGAektYWqRK1I31tV74 bGhRR0S0zBqLXzDrB0wIH9J3jHBMxVt8YTG+odkn3kN66h3LZxmyyntUTW88heJVhMNp xhOyZtjjbEYLos8ulyIf+Yot9PkvPpzH8Qg3CI2AP9Ee/n/vLagvrLPTFBdFGizISh3G jFQqTarmfLruBTQrmy7Yu4nppaarBpWG2NVOVTbghZDXPYFzDrrmQqKbpIjrSaQnBSfC FenUPgBTxbkE7ZgrE4Vu7MuM5bQliv8zyrXuNDRqHoJJK5ydS9Ww7uuKxkfC2yJqS3TE l3iQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b11si11525460pgt.234.2019.03.13.23.31.27; Wed, 13 Mar 2019 23:31:42 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726791AbfCNG3f convert rfc822-to-8bit (ORCPT + 99 others); Thu, 14 Mar 2019 02:29:35 -0400 Received: from tyo162.gate.nec.co.jp ([114.179.232.162]:45064 "EHLO tyo162.gate.nec.co.jp" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726527AbfCNG3f (ORCPT ); Thu, 14 Mar 2019 02:29:35 -0400 Received: from mailgate01.nec.co.jp ([114.179.233.122]) by tyo162.gate.nec.co.jp (8.15.1/8.15.1) with ESMTPS id x2E6T99R025732 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 14 Mar 2019 15:29:09 +0900 Received: from mailsv02.nec.co.jp (mailgate-v.nec.co.jp [10.204.236.94]) by mailgate01.nec.co.jp (8.15.1/8.15.1) with ESMTP id x2E6T9W4029992; Thu, 14 Mar 2019 15:29:09 +0900 Received: from mail02.kamome.nec.co.jp (mail02.kamome.nec.co.jp [10.25.43.5]) by mailsv02.nec.co.jp (8.15.1/8.15.1) with ESMTP id x2E6SqEo006613; Thu, 14 Mar 2019 15:29:09 +0900 Received: from bpxc99gp.gisp.nec.co.jp ([10.38.151.150] [10.38.151.150]) by mail03.kamome.nec.co.jp with ESMTP id BT-MMP-3338476; Thu, 14 Mar 2019 15:27:57 +0900 Received: from BPXM23GP.gisp.nec.co.jp ([10.38.151.215]) by BPXC22GP.gisp.nec.co.jp ([10.38.151.150]) with mapi id 14.03.0319.002; Thu, 14 Mar 2019 15:27:56 +0900 From: Naoya Horiguchi To: zhong jiang CC: Minchan Kim , Michal Hocko , Vlastimil Babka , "linux-arm-kernel@lists.infradead.org" , Linux Memory Management List , LKML Subject: Re: [Qestion] Hit a WARN_ON_ONCE in try_to_unmap_one when runing syzkaller Thread-Topic: [Qestion] Hit a WARN_ON_ONCE in try_to_unmap_one when runing syzkaller Thread-Index: AQHU2O0je1X84FRQ5UO03r19PzuDFKYKFWaA Date: Thu, 14 Mar 2019 06:27:55 +0000 Message-ID: <20190314062757.GA27899@hori.linux.bs1.fc.nec.co.jp> References: <5C87D848.7030802@huawei.com> In-Reply-To: <5C87D848.7030802@huawei.com> Accept-Language: en-US, ja-JP Content-Language: ja-JP X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.34.125.96] Content-Type: text/plain; charset="iso-2022-jp" Content-ID: <4B7AEFEF8D2342479BEA063B334FC83A@gisp.nec.co.jp> Content-Transfer-Encoding: 8BIT MIME-Version: 1.0 X-TM-AS-MML: disable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, On Wed, Mar 13, 2019 at 12:03:20AM +0800, zhong jiang wrote: ... > > Minchan has changed the conditon check from BUG_ON to WARN_ON_ONCE in try_to_unmap_one. > However, It is still an abnormal condition when PageSwapBacked is not equal to PageSwapCache. > > But Is there any case it will meet the conditon in the mainline. > > It is assumed that PageSwapBacked(page) is true in the anonymous page, This is to say, PageSwapcache > is false. however, That is impossible because we will update the pte for hwpoison entry. > > Because page is locked , Its page flags should not be changed except for PageSwapBacked try_to_unmap_one() from hwpoison_user_mappings() could reach the WARN_ON_ONCE() only if TTU_IGNORE_HWPOISON is set, because PageHWPoison() is set at the beginning of memory_failure(). Clearing TTU_IGNORE_HWPOISON might happen on the following two paths: static bool hwpoison_user_mappings(struct page *p, unsigned long pfn, int flags, struct page **hpagep) { ... if (PageSwapCache(p)) { pr_err("Memory failure: %#lx: keeping poisoned page in swap cache\n", pfn); ttu |= TTU_IGNORE_HWPOISON; } ... mapping = page_mapping(hpage); if (!(flags & MF_MUST_KILL) && !PageDirty(hpage) && mapping && mapping_cap_writeback_dirty(mapping)) { if (page_mkclean(hpage)) { SetPageDirty(hpage); } else { kill = 0; ttu |= TTU_IGNORE_HWPOISON; pr_info("Memory failure: %#lx: corrupted page was clean: dropped without side effects\n", pfn); } } ... unmap_success = try_to_unmap(hpage, ttu); ... So either of the above "ttu |= TTU_IGNORE_HWPOISON" should be executed. I'm not sure which one, but both paths show printk messages, so if you could have kernel message log, that might help ... Thanks, Naoya Horiguchi