From: Muchun Song
Date: Sun, 27 Mar 2022 13:27:17 +0800
Subject: Re: [syzbot] general protection fault in list_lru_add
To: Linus Torvalds
Cc: syzbot, Andrew Morton, LKML, Linux Memory Management List, syzkaller-bugs
References: <000000000000cabcb505dae9e577@google.com>

On Sat, Mar 26, 2022 at 4:29 AM Linus Torvalds wrote:
>
> On Fri, Mar 25, 2022 at 2:52 AM Muchun Song wrote:
> >
> > We can see that we put the dentry (ffff88807ebda0f8) into
> > the list_lru (ffff888011bd47f0). But we do not allocate struct
> > list_lru_one for the memcg (ffff88801c530000). Then it panics.
>
> Hmm.
>
> Looking at memcg_slab_pre_alloc_hook(), I note that it will return
> success without doing the LRU checking for several cases.
>
> So since you can reproduce the problem, I would suggest you add some
> debug code to __d_alloc() that prints out something big if it gets a
> dentry but you can't look up the list_lru_one() for that dentry.
>
> Hmm?
>
> The only other situation I can think of is if dentry->d_sb were to
> change during the dentry lifetime, but I don't think that can happen.
> The only assignment I can find with "git grep" is that
>
>     dentry->d_sb = sb;
>
> in __d_alloc(), and while it's possible my grep pattern was bogus, it
> sounds unlikely.
>

I have found the root cause, it was caused by kfence. Here is the fix
patch [1].

[1] https://lore.kernel.org/all/20220327051853.57647-1-songmuchun@bytedance.com/

Thanks.