lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 9 Mar 2020 12:24:23 +0300
From:   "Kirill A. Shutemov" <kirill@...temov.name>
To:     syzbot <syzbot+826543256ed3b8c37f62@...kaller.appspotmail.com>,
        Alex Shi <alex.shi@...ux.alibaba.com>
Cc:     akpm@...ux-foundation.org, cgroups@...r.kernel.org,
        hannes@...xchg.org, linux-kernel@...r.kernel.org,
        linux-mm@...ck.org, mhocko@...nel.org,
        syzkaller-bugs@...glegroups.com, vdavydov.dev@...il.com
Subject: Re: linux-next test error: BUG: using __this_cpu_read() in
 preemptible code in __mod_memcg_state

On Sat, Mar 07, 2020 at 01:05:10PM -0800, syzbot wrote:
> Hello,
> 
> syzbot found the following crash on:
> 
> HEAD commit:    b86a6a24 Add linux-next specific files for 20200306
> git tree:       linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=1766b731e00000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=9c79dccc623ccc6f
> dashboard link: https://syzkaller.appspot.com/bug?extid=826543256ed3b8c37f62
> compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
> 
> Unfortunately, I don't have any reproducer for this crash yet.
> 
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+826543256ed3b8c37f62@...kaller.appspotmail.com
> 
> check_preemption_disabled: 3 callbacks suppressed
> BUG: using __this_cpu_read() in preemptible [00000000] code: syz-fuzzer/9432
> caller is __mod_memcg_state+0x27/0x1a0 mm/memcontrol.c:689
> CPU: 1 PID: 9432 Comm: syz-fuzzer Not tainted 5.6.0-rc4-next-20200306-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> Call Trace:
>  __dump_stack lib/dump_stack.c:77 [inline]
>  dump_stack+0x188/0x20d lib/dump_stack.c:118
>  check_preemption_disabled lib/smp_processor_id.c:47 [inline]
>  __this_cpu_preempt_check.cold+0x84/0x90 lib/smp_processor_id.c:64
>  __mod_memcg_state+0x27/0x1a0 mm/memcontrol.c:689
>  __split_huge_page mm/huge_memory.c:2575 [inline]
>  split_huge_page_to_list+0x124b/0x3380 mm/huge_memory.c:2862
>  split_huge_page include/linux/huge_mm.h:167 [inline]

It looks like a regression due to c8cba0cc2a80 ("mm/thp: narrow lru
locking").

Alex?

>  madvise_free_huge_pmd+0x873/0xb90 mm/huge_memory.c:1766
>  madvise_free_pte_range+0x6ff/0x2650 mm/madvise.c:584
>  walk_pmd_range mm/pagewalk.c:89 [inline]
>  walk_pud_range mm/pagewalk.c:160 [inline]
>  walk_p4d_range mm/pagewalk.c:193 [inline]
>  walk_pgd_range mm/pagewalk.c:229 [inline]
>  __walk_page_range+0xcfb/0x2070 mm/pagewalk.c:331
>  walk_page_range+0x1bd/0x3a0 mm/pagewalk.c:427
>  madvise_free_single_vma+0x384/0x550 mm/madvise.c:731
>  madvise_dontneed_free mm/madvise.c:819 [inline]
>  madvise_vma mm/madvise.c:958 [inline]
>  do_madvise mm/madvise.c:1161 [inline]
>  do_madvise+0x5ba/0x1b80 mm/madvise.c:1084
>  __do_sys_madvise mm/madvise.c:1189 [inline]
>  __se_sys_madvise mm/madvise.c:1187 [inline]
>  __x64_sys_madvise+0xae/0x120 mm/madvise.c:1187
>  do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
>  entry_SYSCALL_64_after_hwframe+0x49/0xbe
> RIP: 0033:0x460bf7
-- 
 Kirill A. Shutemov

Powered by blists - more mailing lists