Received: by 2002:a89:d88:0:b0:1fa:5c73:8e2d with SMTP id eb8csp2508491lqb; Tue, 28 May 2024 01:55:28 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCX+eXSqdOyiEZYQtek5u5+s1XT1q7uMccPfWkMM0sU+l2Xj54JFOH18eslAnGadCTJF7O4jqMYnUFXZCP4LZMQwVMvmljMU5WxPFrFQaw== X-Google-Smtp-Source: AGHT+IFZnA0I5943rTXijcgU8aGL3Jd4pRGMdAiZEuNmdiTvmyRKRVyDeuB2xaHvpQZlqt+pbEMz X-Received: by 2002:a05:6a20:7344:b0:1af:8e8d:cefd with SMTP id adf61e73a8af0-1b212e5d037mr14147364637.51.1716886527679; Tue, 28 May 2024 01:55:27 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1716886527; cv=pass; d=google.com; s=arc-20160816; b=ZTzM+TvHw0HWsZKaIW/WbgE0UIre7DpET7bTh7r3jwgPJxePvY/8rUFBgRr6U+s0n6 KuWEsmRpo1CKHnZsy2Kz8ILa8WjlLaBZRaLoZZncsV2CWlhccq/dTuuRVYgLOfUZI7CD Q+euEuQtiNpXme/ni75EkWD96UyejvdqzPZ4m9mcvgTbS7nsavHc32DLMEk0ehF6bOE6 DiZPaCkdZ+9KGaQCgyW53aBHDEmHIj5Z6qnYKbCHyuA7G7MQ/AObHuDwM0usWg6BQ5b0 v8A1yshIH7k1LxONaj86T5+9qm97PCzB/iOMcuJY5V5X7Smr1MyhvdF9iDakqF6RhwMa mqQQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature:dkim-signature:dkim-signature :dkim-signature; bh=cf/DIrIqkNngYGIc9LY7Oes1+4CPY30wil1gdzYDQFk=; fh=tnmlslk7Trx3mqiLwxNewCo48o45gfak2ZV7PCGOSa4=; b=cECecbI1fVJHlHSCdwWrO/EpQ7UeH8/d/DcD0mgk5SF+5A5e7IPfPwwrl4Ng/YmzDZ nlw4teLq7KlWuN7q4yUFFBT1jp8jvKGPt4/ELbZZ/JVyYbkcHlujcV2jY+YO4m5yBwWX Tqw7uHbGK7NKLginuePdCEHcKSoVwEQU6bA2YJdsQlvba90cPTtJwHH+POTJFOuBi7Jj YgzAyD0Z+7LguwK60KokHNPrQ0b3rG9Ea80Gl16OdHlf9VBKSbjYFQi018mztnPMYxwn giL3KvOant+u75C4moZ4I0qmCjWU8qDV/thoX/LZnWl0kpMZQh0gDwBT6f9H8USswcFz e3Xg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=P9PsNj3Z; dkim=neutral (no key) header.i=@suse.de; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=P9PsNj3Z; dkim=neutral (no key) header.i=@suse.de; arc=pass (i=1 spf=pass spfdomain=suse.de dkim=pass dkdomain=suse.de dkim=pass dkdomain=suse.de dmarc=pass fromdomain=suse.de); spf=pass (google.com: domain of linux-kernel+bounces-191966-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-191966-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id 98e67ed59e1d1-2bf5fe34d7dsi7464974a91.90.2024.05.28.01.55.27 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 28 May 2024 01:55:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-191966-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=P9PsNj3Z; dkim=neutral (no key) header.i=@suse.de; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=P9PsNj3Z; dkim=neutral (no key) header.i=@suse.de; arc=pass (i=1 spf=pass spfdomain=suse.de dkim=pass dkdomain=suse.de dkim=pass dkdomain=suse.de dmarc=pass fromdomain=suse.de); spf=pass (google.com: domain of linux-kernel+bounces-191966-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-191966-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id E3DF42851C2 for ; Tue, 28 May 2024 08:55:14 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 2253013CABD; Tue, 28 May 2024 08:55:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b="P9PsNj3Z"; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b="UOgm1OC7"; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b="P9PsNj3Z"; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b="UOgm1OC7" Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8369B38DE9; Tue, 28 May 2024 08:54:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.131 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716886500; cv=none; b=uc4obcrOQPTWis2zwQZjeTosdR46E5bPGtbdvMNes37r0P4ZSgayVGIBJedt+ESyrVI/9KXielFXkm2IkQmjssQ0Br/xJbCzYORxVSu7jknfHwm5sEyasratR24l3/wIlQsHHYPEaBtb55+783L5ZV1Pr3212ZKY+SSmboMTEn8= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716886500; c=relaxed/simple; bh=z8XwY3J/gMwEq646NgknhH9Hy19jL9GCw+AjCU09HpE=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=N2hw424ZnH35OtoT/SfQ4lK0SHQ+97SQpzRVZlqyiRyPfs7CwCuKNyzZH4CNDH17kdgQT02PRf5I2iJbsFY1KHrFv64t7X9Ak0IN47eDpyGI4niBOJrpL/QucE5wnH5/GgLNA5oCXMiyWGliIvhGau8q6rhMAk6ZokmZBe7OrIQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=suse.de; spf=pass smtp.mailfrom=suse.de; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b=P9PsNj3Z; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b=UOgm1OC7; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b=P9PsNj3Z; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b=UOgm1OC7; arc=none smtp.client-ip=195.135.223.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=suse.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.de Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id AC74E201D4; Tue, 28 May 2024 08:54:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1716886496; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=cf/DIrIqkNngYGIc9LY7Oes1+4CPY30wil1gdzYDQFk=; b=P9PsNj3ZjTYzd/+ty33EpcOV7VW9eyXxcAdBWuxS5WF7xUMHpW/IFcgF14sJvGa4vFUF3E rmPTxmr4OauaQ+igNnVzixF+D0TU2fB94zg11sOlepJ+J+VAHZbldIkgvbSl3E7zx2SAJk Xw7014sFFnAZLgwyM1SeVOh+P/LK8Qo= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1716886496; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=cf/DIrIqkNngYGIc9LY7Oes1+4CPY30wil1gdzYDQFk=; b=UOgm1OC7q3yzw8ih6Xj1obvTtWsf1uRWpIRwJB4195GnP4WguIbfOrGmNaGqiOVPn+7YF6 9arzO5JlEE/NiSDA== Authentication-Results: smtp-out2.suse.de; dkim=pass header.d=suse.de header.s=susede2_rsa header.b=P9PsNj3Z; dkim=pass header.d=suse.de header.s=susede2_ed25519 header.b=UOgm1OC7 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1716886496; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=cf/DIrIqkNngYGIc9LY7Oes1+4CPY30wil1gdzYDQFk=; b=P9PsNj3ZjTYzd/+ty33EpcOV7VW9eyXxcAdBWuxS5WF7xUMHpW/IFcgF14sJvGa4vFUF3E rmPTxmr4OauaQ+igNnVzixF+D0TU2fB94zg11sOlepJ+J+VAHZbldIkgvbSl3E7zx2SAJk Xw7014sFFnAZLgwyM1SeVOh+P/LK8Qo= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1716886496; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=cf/DIrIqkNngYGIc9LY7Oes1+4CPY30wil1gdzYDQFk=; b=UOgm1OC7q3yzw8ih6Xj1obvTtWsf1uRWpIRwJB4195GnP4WguIbfOrGmNaGqiOVPn+7YF6 9arzO5JlEE/NiSDA== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 4839713A6B; Tue, 28 May 2024 08:54:56 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id 8loVD+CbVWbmMwAAD6G6ig (envelope-from ); Tue, 28 May 2024 08:54:56 +0000 Date: Tue, 28 May 2024 10:54:54 +0200 From: Oscar Salvador To: syzbot Cc: akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, muchun.song@linux.dev, netdev@vger.kernel.org, syzkaller-bugs@googlegroups.com Subject: Re: [syzbot] [mm?] kernel BUG in __vma_reservation_common Message-ID: References: <0000000000004096100617c58d54@google.com> <000000000000f9561b06196ef5b3@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="YnxdA7Vx1BYY1dRL" Content-Disposition: inline In-Reply-To: <000000000000f9561b06196ef5b3@google.com> X-Spam-Level: X-Spamd-Result: default: False [-4.01 / 50.00]; BAYES_HAM(-3.00)[100.00%]; DWL_DNSWL_MED(-2.00)[suse.de:dkim]; SUSPICIOUS_RECIPS(1.50)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; URI_HIDDEN_PATH(1.00)[https://syzkaller.appspot.com/x/.config?x=48c05addbb27f3b0]; R_DKIM_ALLOW(-0.20)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; NEURAL_HAM_SHORT(-0.20)[-1.000]; MIME_GOOD(-0.10)[multipart/mixed,text/plain,text/x-patch]; MX_GOOD(-0.01)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; ARC_NA(0.00)[]; FUZZY_BLOCKED(0.00)[rspamd.com]; MIME_TRACE(0.00)[0:+,1:+,2:+]; DBL_BLOCKED_OPENRESOLVER(0.00)[imap1.dmz-prg2.suse.org:helo,imap1.dmz-prg2.suse.org:rdns,suse.de:dkim,suse.de:email]; DKIM_TRACE(0.00)[suse.de:+]; TO_DN_SOME(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; DNSWL_BLOCKED(0.00)[2a07:de40:b281:104:10:150:64:97:from,2a07:de40:b281:106:10:150:64:167:received]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCPT_COUNT_SEVEN(0.00)[7]; RCVD_VIA_SMTP_AUTH(0.00)[]; TAGGED_RCPT(0.00)[d3fe2dc5ffe9380b714b]; HAS_ATTACHMENT(0.00)[]; MISSING_XM_UA(0.00)[]; SUBJECT_HAS_QUESTION(0.00)[] X-Rspamd-Action: no action X-Rspamd-Queue-Id: AC74E201D4 X-Rspamd-Server: rspamd1.dmz-prg2.suse.org X-Spam-Flag: NO X-Spam-Score: -4.01 --YnxdA7Vx1BYY1dRL Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Mon, May 27, 2024 at 05:50:24AM -0700, syzbot wrote: > syzbot has found a reproducer for the following issue on: > > HEAD commit: 66ad4829ddd0 Merge tag 'net-6.10-rc1' of git://git.kernel... > git tree: net-next > console+strace: https://syzkaller.appspot.com/x/log.txt?x=15c114aa980000 > kernel config: https://syzkaller.appspot.com/x/.config?x=48c05addbb27f3b0 > dashboard link: https://syzkaller.appspot.com/bug?extid=d3fe2dc5ffe9380b714b > compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17770d72980000 > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10db1592980000 > > Downloadable assets: > disk image: https://storage.googleapis.com/syzbot-assets/05c6f2231ef8/disk-66ad4829.raw.xz > vmlinux: https://storage.googleapis.com/syzbot-assets/5f4fc63b22e3/vmlinux-66ad4829.xz > kernel image: https://storage.googleapis.com/syzbot-assets/67f5c4c88729/bzImage-66ad4829.xz > > IMPORTANT: if you fix the issue, please add the following tag to the commit: > Reported-by: syzbot+d3fe2dc5ffe9380b714b@syzkaller.appspotmail.com Let us see if the attached patch fixes it. -- Oscar Salvador SUSE Labs --YnxdA7Vx1BYY1dRL Content-Type: text/x-patch; charset=us-ascii Content-Disposition: attachment; filename="0001-mm-hugetlb-Do-not-call-vma_add_reservation-upon-ENOM.patch" From 917fa54481422c650425c8b0330439f8a3308479 Mon Sep 17 00:00:00 2001 From: Oscar Salvador Date: Tue, 28 May 2024 10:43:14 +0200 Subject: [PATCH] mm/hugetlb: Do not call vma_add_reservation upon ENOMEM sysbot reported a splat [1] on __unmap_hugepage_range(). This is because vma_needs_reservation() can return -ENOMEM if allocate_file_region_entries() fails to allocate the file_region struct for the reservation. Check for that and do not call vma_add_reservation() if that is the case, otherwise region_abort() and region_del() will see that we do not have any file_regions. If we detect that vma_needs_reservation returned -ENOMEM, we clear the hugetlb_restore_reserve flag as if this reservation was still consumed, so free_huge_folio will not increment the resv count. [1] https://lore.kernel.org/linux-mm/0000000000004096100617c58d54@google.com/T/#ma5983bc1ab18a54910da83416b3f89f3c7ee43aa Reported-by: syzbot+d3fe2dc5ffe9380b714b@syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-mm/0000000000004096100617c58d54@google.com/ Signed-off-by: Oscar Salvador --- mm/hugetlb.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 6be78e7d4f6e..a178e4bcca1b 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -5768,8 +5768,20 @@ void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct *vma, * do_exit() will not see it, and will keep the reservation * forever. */ - if (adjust_reservation && vma_needs_reservation(h, vma, address)) - vma_add_reservation(h, vma, address); + if (adjust_reservation) { + int rc = vma_needs_reservation(h, vma, address) + + if (rc < 0) + /* Pressumably allocate_file_region_entries failed + * to allocate a file_region struct. Clear + * hugetlb_restore_reserve so that global reserve + * count will not be incremented by free_huge_folio. + * Act as if we consumed the reservation. + */ + folio_clear_hugetlb_restore_reserve(folio); + else if (rc) + vma_add_reservation(h, vma, address); + } tlb_remove_page_size(tlb, page, huge_page_size(h)); /* -- 2.45.1 --YnxdA7Vx1BYY1dRL--