From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.0 required=3.0 tests=MAILING_LIST_MULTI, MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id ED474C3815B for ; Mon, 20 Apr 2020 15:07:02 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id B76B32074F for ; Mon, 20 Apr 2020 15:07:02 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org B76B32074F Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 527E28E0006; Mon, 20 Apr 2020 11:07:02 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 4D8A28E0003; Mon, 20 Apr 2020 11:07:02 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 379A78E0006; Mon, 20 Apr 2020 11:07:02 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0236.hostedemail.com [216.40.44.236]) by kanga.kvack.org (Postfix) with ESMTP id 1EBF48E0003 for ; Mon, 20 Apr 2020 11:07:02 -0400 (EDT) Received: from smtpin30.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay04.hostedemail.com (Postfix) with ESMTP id D1CA0440B for ; Mon, 20 Apr 2020 15:07:01 +0000 (UTC) X-FDA: 76728561042.30.need28_203e37f56cb31 X-HE-Tag: need28_203e37f56cb31 X-Filterd-Recvd-Size: 4253 Received: from mail-wm1-f67.google.com (mail-wm1-f67.google.com [209.85.128.67]) by imf38.hostedemail.com (Postfix) with ESMTP for ; Mon, 20 Apr 2020 15:07:01 +0000 (UTC) Received: by mail-wm1-f67.google.com with SMTP id y24so11828852wma.4 for ; Mon, 20 Apr 2020 08:07:01 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=owGb+0hL00o8Fy1H4zbSX1/Jr+lcLsgBQzWgcg0yHN8=; b=Mimr02KQQgUKXvoozVezNSRQYZEazvPA6bGyPJpziAsmocZ1tTC1J0sHGt71isX3+V CsCodMzCAWd4V13mZxyDoE3ZMJuWkPptKHcTohydV0h/vxiSpBYPsQuzP5HKZvhG6JZ2 r3I2JBlil+QlhmmQRxDAIwu8MOUiToCyLQpVM5qj2r9OSEiwnLUqLjL75kNwOTfUBaSg +FYS/Agea2yjM1hL/Y15K8NkWuo3Gsvt2gfPluUAIt/PT+IvFKDgRQwEv+A1lx7A3x6V 7YQuDUvnLwiAXozrI1OyeDgacX8J1uWkoh8dcYAoOl3D9HXm5G6s5wGEiw1W5utCe6Dr fMXQ== X-Gm-Message-State: AGi0PuZo73UA0ue+wb/zR4k4repPmgkpi2TK9aMe7KL1LNcBDW6TcTWf bUUo0l95/JgyOttDG3TOnu8= X-Google-Smtp-Source: APiQypKBfWSgISu6VNXcoIm1QQ/+6r9SgMhnCNyFbVKdm2icgGc0gaN7dPIzPKzEdIJ4ZqihDoruGw== X-Received: by 2002:a1c:770f:: with SMTP id t15mr17785518wmi.178.1587395220282; Mon, 20 Apr 2020 08:07:00 -0700 (PDT) Received: from localhost (ip-37-188-130-62.eurotel.cz. [37.188.130.62]) by smtp.gmail.com with ESMTPSA id l6sm1542091wrb.75.2020.04.20.08.06.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 20 Apr 2020 08:06:59 -0700 (PDT) Date: Mon, 20 Apr 2020 17:06:58 +0200 From: Michal Hocko To: Hillf Danton Cc: syzbot , akpm@linux-foundation.org, linux-kernel@vger.kernel.org, Minchan Kim , Johannes Weiner , linux-mm@kvack.org, syzkaller-bugs@googlegroups.com Subject: Re: kernel BUG at include/linux/mm.h:699 Message-ID: <20200420150658.GR27314@dhcp22.suse.cz> References: <0000000000005103e405a3a66ecd@google.com> <20200420041533.5304-1-hdanton@sina.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200420041533.5304-1-hdanton@sina.com> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Mon 20-04-20 12:15:33, Hillf Danton wrote: > > Sun, 19 Apr 2020 08:28:14 -0700 > > syzbot found the following crash on: > > > > HEAD commit: 8632e9b5 Merge tag 'hyperv-fixes-signed' of git://git.kern.. > > git tree: upstream > > console output: https://syzkaller.appspot.com/x/log.txt?x=11ac6be0100000 > > kernel config: https://syzkaller.appspot.com/x/.config?x=5d351a1019ed81a2 > > dashboard link: https://syzkaller.appspot.com/bug?extid=a923008018a2d298247b > > compiler: gcc (GCC) 9.0.0 20181231 (experimental) > > > > Unfortunately, I don't have any reproducer for this crash yet. > > > > IMPORTANT: if you fix the bug, please add the following tag to the commit: > > Reported-by: syzbot+a923008018a2d298247b@syzkaller.appspotmail.com > > > > raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 > > page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0) This looks like a page reference count underflow. If there is a reproducer then page_owner might help to tell who was the last owner. [...] > Flush TLB every chance before we get every thing done. > > --- a/mm/memory.c > +++ b/mm/memory.c > @@ -1080,8 +1080,8 @@ again: > page_remove_rmap(page, false); > if (unlikely(page_mapcount(page) < 0)) > print_bad_pte(vma, addr, ptent, page); > + force_flush = 1; > if (unlikely(__tlb_remove_page(tlb, page))) { > - force_flush = 1; > addr += PAGE_SIZE; > break; > } > @@ -1146,10 +1146,9 @@ again: > tlb_flush_mmu(tlb); > } > > - if (addr != end) { > - cond_resched(); > + cond_resched(); > + if (addr != end) > goto again; > - } > > return addr; > } This patch doesn't make any sense to me wrt to the above report. What are you trying to achieve? -- Michal Hocko SUSE Labs