Received: by 2002:a05:6358:1087:b0:cb:c9d3:cd90 with SMTP id j7csp2378085rwi; Fri, 21 Oct 2022 03:13:58 -0700 (PDT) X-Google-Smtp-Source: AMsMyM6FL65RtkGYl4fGxxbOqfC31KWszvwQOS5EJHBQhv9Aqyt8YuVGEbCLi93i2gfXKJxgreP5 X-Received: by 2002:a05:6402:1604:b0:458:b2b7:bd5a with SMTP id f4-20020a056402160400b00458b2b7bd5amr15924581edv.73.1666347238471; Fri, 21 Oct 2022 03:13:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1666347238; cv=none; d=google.com; s=arc-20160816; b=dBEf6Py+h0xqPTYwBcyaqH/DnEPGL+rq9n5DtitMQFs65yCTQLs0sT2b02O6Z32Xgp 9bClYYKMnBWNjZ/0RnWS/EAgjF/4AFra9toKmlw+Snsr32EJQQNPZzgsc92TCzLAd1IC v8NPRC0CD/iTptNpYGBQERPlKEnQ8fdeQQ6OJfZOg2x5cSUgNlAVRiVD5qlWKg4ImoNP U4G8b0FyLn4uwFDVIzcdvKz7L3URumMASgZFPRgnkXZ+iQd03jqL9IcvBh5tdQ33Owpn ehHiRaR5vMeDNRMvjESK5St7gmvPLnI2jrw80OkG7IgBRwOfNd50RZHCr4bwZxEtfGpt LiPg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=bMpgRm8IlhgCe5M7hD4vSBejwOya5nilyQHFGdlXo3U=; b=AI5h+QnsDm7LX4bkm3nuAndpbcJhnd3eWIbtJ9G1+/wmQ+ZyFM548X6w3Ra8KkoJ5h bmMssQnCUFwiZqMb49go+yl2MVywtKAW1354y69EOUL3C5Gx5RiUyWc3JnCQdNBfICqy j3Np/H0i0MCrXu3kp3ok32lCDnHI0nH0lhdhGzgZ33xfUlGGRyazbl71mw5yhJY4jAzy T2MSXKAv8mB7DqDFwOe48flJV6YnT4+x2iTT4OBSSF350ME3b24VGhitX51dD4aueZa1 BVdOZ/SYJU9hcalnfkQOhEfmoCNI1jaM0M/fclJTMYhBhX7mh0raIlox5fYAzwOOZEq9 WK1w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id r8-20020a170906280800b00782e437a368si15866918ejc.160.2022.10.21.03.13.32; Fri, 21 Oct 2022 03:13:58 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230040AbiJUJ5Z (ORCPT + 99 others); Fri, 21 Oct 2022 05:57:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43746 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229608AbiJUJ5Y (ORCPT ); Fri, 21 Oct 2022 05:57:24 -0400 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 61882256D15 for ; Fri, 21 Oct 2022 02:57:23 -0700 (PDT) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 679EDED1; Fri, 21 Oct 2022 02:57:29 -0700 (PDT) Received: from FVFF77S0Q05N (unknown [10.57.6.231]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 13E813F67D; Fri, 21 Oct 2022 02:57:21 -0700 (PDT) Date: Fri, 21 Oct 2022 10:57:19 +0100 From: Mark Rutland To: Andrew Morton Cc: syzbot , jiebin.sun@intel.com, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com, tim.c.chen@linux.intel.com Subject: Re: [syzbot] BUG: unable to handle kernel paging request in percpu_counter_add_batch Message-ID: References: <000000000000e528a905eb822440@google.com> <20221020194427.68571e92bc33d98a05c852aa@linux-foundation.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20221020194427.68571e92bc33d98a05c852aa@linux-foundation.org> X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW, SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Oct 20, 2022 at 07:44:27PM -0700, Andrew Morton wrote: > On Thu, 20 Oct 2022 19:24:40 -0700 syzbot wrote: > Well. freeque() messes with ns->percpu_msg_hdrs but msg_exit_ns() > already did percpu_counter_destroy(&ns->percpu_msg_hdrs); > > I'm thinking something like this? > > --- a/ipc/msg.c~a > +++ a/ipc/msg.c > @@ -1329,11 +1329,11 @@ fail_msg_bytes: > #ifdef CONFIG_IPC_NS > void msg_exit_ns(struct ipc_namespace *ns) > { > - percpu_counter_destroy(&ns->percpu_msg_bytes); > - percpu_counter_destroy(&ns->percpu_msg_hdrs); > free_ipcs(ns, &msg_ids(ns), freeque); > idr_destroy(&ns->ids[IPC_MSG_IDS].ipcs_idr); > rhashtable_destroy(&ns->ids[IPC_MSG_IDS].key_ht); > + percpu_counter_destroy(&ns->percpu_msg_bytes); > + percpu_counter_destroy(&ns->percpu_msg_hdrs); > } > #endif That seems to fix the issue for me, testing with the reproducer in my prior reply. Previously that would trigger within seconds, and with the above applied I couldn't get it to trigger after 15+ minutes of repeated test runs. FWIW: Tested-by: Mark Rutland Thanks, Mark.