Received: by 2002:a05:6a10:6d10:0:0:0:0 with SMTP id gq16csp803821pxb; Fri, 22 Apr 2022 11:29:03 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwSdNqzz3lrjL3KPA8OLCfwAYd0jAmRaopZ74x9GkJW6ZkBgD2s+vanMTdm8nCVXj7NlEAX X-Received: by 2002:a17:90a:6c64:b0:1cb:a150:52d with SMTP id x91-20020a17090a6c6400b001cba150052dmr6692656pjj.111.1650652143266; Fri, 22 Apr 2022 11:29:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1650652143; cv=none; d=google.com; s=arc-20160816; b=ySzdxt1/X7/hG/1zwutAXcaM2l4NUDh35BegPxTsZ/sG3FzZJUCSJDJxwIUsYkDhge mBP5pMu1jieZFlab8i1RBs8JGE8m6h/8flFE8dKm2XLcvcLYm96GlKACR8f1o15ugv3n qDRI0W/51VMgG8qpCzNWlIPwWeBzf3CdjpwYVW8dzvJAc757TM9yg9rCpW1iJBzejbuw 6VBIYVm45e+MsNRX58qipSVO8i7A2LETi1o1OIs9n3CAHY3Wcg4BXY33lpQw9/fMPC6c jyheCrX4YPCcyegDAE2lolQ8w9iThAGK8IOA5kqzfjTAK3ISmphhstwsCxQgPbhfnZsY cS4Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=CsjTxEEAvysZcrGQCgnoFVKXKLqNd9huKoE9KzmmMI0=; b=MaNe38XXPkEBtUk5MpevR6TioPjn8F/pZ5t2KqXLlMxwBrr4FotCyGojkgG1eoP/73 QIUOarsvUFGDMY/dgIjbjxnrj9W7uAMcUJnDPrBcnJXjw9YKSgbvJLK1l/Bs6uJIjAr6 RFh2GE5xNiBfW5JDfa1LD2P5Nqct62CeJ2a3mIpjfBAXJFCPpZPGGwu6TRkV6e3yxBy9 xeCUInas8ofa3xEIbJJ2kLnmcir0Vv05VF5JQpv0Un4dia1nYXPJaaTCfj2JRW+CGIMF aFbci/JvkLt5PLw3oDxBvt1lVLfd84gVv9bUuxezDowRZi2gV+tuW9BKRxAeHFVdqGvb ntRQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=svVpZpsC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id a12-20020a1709027d8c00b00153b2d16579si6813480plm.385.2022.04.22.11.29.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 22 Apr 2022 11:29:03 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=svVpZpsC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 83D7414C3CA; Fri, 22 Apr 2022 10:58:37 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1392039AbiDVKlY (ORCPT + 99 others); Fri, 22 Apr 2022 06:41:24 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37858 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S243767AbiDVKlT (ORCPT ); Fri, 22 Apr 2022 06:41:19 -0400 Received: from mail-yb1-xb2f.google.com (mail-yb1-xb2f.google.com [IPv6:2607:f8b0:4864:20::b2f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BA93054F96 for ; Fri, 22 Apr 2022 03:38:25 -0700 (PDT) Received: by mail-yb1-xb2f.google.com with SMTP id b95so13745976ybi.1 for ; Fri, 22 Apr 2022 03:38:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=CsjTxEEAvysZcrGQCgnoFVKXKLqNd9huKoE9KzmmMI0=; b=svVpZpsCBwi05D6HGuAV6VNl0TnNbi1By/r9OWleeVotyMkYhrsbqEJDIDSdPkREjz 3362oZIRJFtkLcg5aEJpF3n1xd6ipXFEq/j48MVsozpuWi4XWg+JUCI54KpRFm6k9fuH iuiYLtukeDIzvPYOnFvdeD/Dh3cWMScn6ijy/wJ9dMAM+Ai2YRgE3cPtVrKFn8pBOMiS p0gTaif83J768pmvmDZo9cf506rFJd/SfdoLFgYs7uAXbxxuhhAh95UKsS8QPEpG0lM9 hAwDNyeI/sHaoL/fQQkj7rT73VhtZtRoFC2YjZupOfhfwmA9IsZitPApsKPfei2M4NAh nktA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=CsjTxEEAvysZcrGQCgnoFVKXKLqNd9huKoE9KzmmMI0=; b=oWVVKyTo/o52LgJuaaZWdk+HA3g2fXi3+gizbs8CDgJEFIfgZl3qom8Mm16FNzLohN 6wpAbFnMcfZQ0wer012UUSNeoS7wgNuEX46N9JouxYakPJvX4NaZRi4n9UvuZbdW8GNJ 0BPzRTRpeqLgkVgXsFVFyIicAAnwIy8wzCjn/uCY9wraCdNOYBHsGaaM3wKlOA82Qind qMP4djFHaBGoDYqno3wgyrj5V5Ph816ZRjlsNJDCyjiHQH72JDq8CU3xoQTBn5Dxu2oG 2lagGGWoU7OB+xmzRq0+fIiRzng135CdRCFHVtfHhyi032Y8TVyeMjxfTeZRfUsHNLkB W90Q== X-Gm-Message-State: AOAM530Pyd9CQo/2s7IYyg0AOnHqGKM3EnDgqW5bD3dbUTtpcXvtu5Qo yvBRNGgvVT/djDgRo/Cod3GypjP7plYgkjlklrahrA== X-Received: by 2002:a25:9b85:0:b0:63d:ad6c:aae8 with SMTP id v5-20020a259b85000000b0063dad6caae8mr3527563ybo.609.1650623904827; Fri, 22 Apr 2022 03:38:24 -0700 (PDT) MIME-Version: 1.0 References: <000000000000f46c6305dd264f30@google.com> In-Reply-To: From: Marco Elver Date: Fri, 22 Apr 2022 12:37:48 +0200 Message-ID: Subject: Re: [syzbot] WARNING in __kfence_free To: Muchun Song Cc: syzbot , akpm@linux-foundation.org, dvyukov@google.com, glider@google.com, kasan-dev@googlegroups.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com, Roman Gushchin , cgroups@vger.kernel.org, Andrey Konovalov Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-9.5 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,USER_IN_DEF_DKIM_WL autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 22 Apr 2022 at 07:09, Muchun Song wrote: > > On Thu, Apr 21, 2022 at 11:12:17AM +0200, Marco Elver wrote: > > On Thu, Apr 21, 2022 at 01:58AM -0700, syzbot wrote: > > > Hello, > > > > > > syzbot found the following issue on: > > > > > > HEAD commit: 559089e0a93d vmalloc: replace VM_NO_HUGE_VMAP with VM_ALLO.. > > > git tree: upstream > > > console output: https://syzkaller.appspot.com/x/log.txt?x=10853220f00000 > > > kernel config: https://syzkaller.appspot.com/x/.config?x=2e1f9b9947966f42 > > > dashboard link: https://syzkaller.appspot.com/bug?extid=ffe71f1ff7f8061bcc98 > > > compiler: aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 > > > userspace arch: arm64 > > > > > > Unfortunately, I don't have any reproducer for this issue yet. > > > > > > IMPORTANT: if you fix the issue, please add the following tag to the commit: > > > Reported-by: syzbot+ffe71f1ff7f8061bcc98@syzkaller.appspotmail.com > > > > > > ------------[ cut here ]------------ > > > WARNING: CPU: 0 PID: 2216 at mm/kfence/core.c:1022 __kfence_free+0x84/0xc0 mm/kfence/core.c:1022 > > > > That's this warning in __kfence_free: > > > > #ifdef CONFIG_MEMCG > > KFENCE_WARN_ON(meta->objcg); > > #endif > > > > introduced in 8f0b36497303 ("mm: kfence: fix objcgs vector allocation"). > > > > Muchun, are there any circumstances where the assumption may be broken? > > Or a new bug elsewhere? > > meta->objcg always should be NULL when reaching __kfence_free(). > In theory, meta->objcg should be cleared via memcg_slab_free_hook(). > > I found the following code snippet in do_slab_free(). > > /* memcg_slab_free_hook() is already called for bulk free. */ > if (!tail) > memcg_slab_free_hook(s, &head, 1); > > The only posibility is @tail is not NULL, which is the case of > kmem_cache_free_bulk(). However, here the call trace is kfree(), > it seems to be impossible that missing call memcg_slab_free_hook(). Fair enough - we can probably wait for the bug to reoccur on another instance, and until then assume something else wrong. What is slightly suspicious is that it only occurred once on a QEMU TCG arm64 MTE instance. Thanks, -- Marco