References: <000000000000cabcb505dae9e577@google.com>
From: Muchun Song
Date: Fri, 25 Mar 2022 00:38:50 +0800
Subject: Re: [syzbot] general protection fault in list_lru_add
To: Dmitry Vyukov
Cc: Linus Torvalds, syzbot, Andrew Morton, Linux Kernel Mailing List, Linux-MM, syzkaller-bugs

On Fri, Mar 25, 2022 at 12:18 AM Dmitry Vyukov wrote:
>
> On Thu, 24 Mar 2022 at 17:13, Muchun Song wrote:
> >
> > On Thu, Mar 24, 2022 at 4:50 PM Dmitry Vyukov wrote:
> > >
> > > On Thu, 24 Mar 2022 at 09:44, Muchun Song wrote:
> > > >
> > > > On Thu, Mar 24, 2022 at 11:05 AM Linus Torvalds wrote:
> > > > >
> > > > > On Wed, Mar 23, 2022 at 7:19 PM Muchun Song wrote:
> > > > > >
> > > > > > After this commit, the rules of dentry allocations changed.
> > > > > > The dentry should be allocated by kmem_cache_alloc_lru()
> > > > >
> > > > > Yeah, I looked at that, but I can't find any way there could be other
> > > > > allocations - not only are there strict rules how to initialize
> > > > > everything, but the dentries are free'd using
> > > > >
> > > > >    kmem_cache_free(dentry_cache, dentry);
> > > > >
> > > > > and as a result if they were allocated any other way I would expect
> > > > > things would go south very quickly.
> > > > >
> > > > > The only other thing I could come up with is some breakage in the
> > > > > superblock lifetime so that &dentry->d_sb->s_dentry_lru would have
> > > > > problems, but again, this is *such* core code and not some unusual
> > > > > path, that I would be very very surprised if it wouldn't have
> > > > > triggered other issues long long ago.
> > > > >
> > > > > That's why I'd be more inclined to worry about the list_lru code being
> > > > > somehow broken.
> > > > >
> > > >
> > > > I also have the same concern. I have been trying for a few hours to
> > > > reproduce this issue, but it didn't oops on my test machine. And I'll
> > > > continue reproducing this.
> > >
> > > syzbot triggered it 222 times in a day, so it's most likely real:
> > > https://syzkaller.appspot.com/bug?extid=f8c45ccc7d5d45fc5965
> > >
> > > There are 2 reproducers, but they look completely different. May be a race.
> > > You may also try to use syzbot's patch testing feature to get some
> > > additional debug info.
> >
> > Do you know how to tell the syzbot to test the following patch?
> > I found some info from github, it says "#syz test:", is it like the following?
> > Thanks.
> >
> > #syz test: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
> > master
>
> Yes, this is correct. You can now see the request listed here:
> https://syzkaller.appspot.com/bug?extid=f8c45ccc7d5d45fc5965
>

Cool!.

> but the patch was truncated (probably your email client messed
> whitespaces). In such case it's more reliable to attach the patch as
> text file.

Thanks for your reminder.

#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
5abc1e37afa0335c52608d640fd30910b2eeda21

[Attachment: test.patch (application/octet-stream, base64-encoded)]