From: Lorenzo Stoakes <ljs@kernel.org>
To: ZhengYuan Huang <gality369@gmail.com>
Cc: "David Hildenbrand (Arm)" <david@kernel.org>,
akpm@linux-foundation.org, Liam.Howlett@oracle.com,
vbabka@kernel.org, rppt@kernel.org, surenb@google.com,
mhocko@suse.com, willy@infradead.org, linux-mm@kvack.org,
linux-kernel@vger.kernel.org, baijiaju1990@gmail.com,
r33s3n6@gmail.com, zzzccc427@gmail.com
Subject: Re: [PATCH] mm: prepare anon_vma before swapin rmap
Date: Wed, 22 Apr 2026 11:20:16 +0100 [thread overview]
Message-ID: <aeigig1ebWkMYgLX@lucifer> (raw)
In-Reply-To: <CAOmEq9XF0P-=QyStrCr0khCsGvPO5SCHdXShKNa3PeST3abw9g@mail.gmail.com>
On Wed, Apr 22, 2026 at 03:59:57PM +0800, ZhengYuan Huang wrote:
> On Sun, Apr 19, 2026 at 10:21 PM Lorenzo Stoakes <ljs@kernel.org> wrote:
> >
> > On Sun, Apr 19, 2026 at 10:19:59AM +0200, David Hildenbrand (Arm) wrote:
> > > On 4/18/26 11:35, Lorenzo Stoakes wrote:
> > > > On Fri, Apr 17, 2026 at 01:57:59PM +0200, David Hildenbrand (Arm) wrote:
> > > > > Maybe there was a scenario where we could have lost vma->anon_vma during
> > > > > a merge, resulting in a swapped page in an anon_vma.
> > > >
> > > > Unless there's a bug (and correct me if I'm misinterpreting), VMA merge requires
> > > > vma->anon_vma to either be equal for merged adjacent VMAs, or one or the other
> > > > VMA to have NULL vma->anon_vma, in which case we set vma->anon_vma in the merged
> > > > VMA.
> > >
> > > I think you didn't understand what I was trying to say.
> >
> > Let me take more of a look then!
> >
> > >
> > > The reporter claimed that it happened on 6.18. Nobody knows on which patch
> > > version (stable tree?).
> > >
> > > I was wondering whether your fix
> > >
> > > commit 3b617fd3d317bf9dd7e2c233e56eafef05734c9d
> > > Author: Lorenzo Stoakes <ljs@kernel.org>
> > > Date: Mon Jan 5 20:11:49 2026 +0000
> > >
> > > mm/vma: enforce VMA fork limit on unfaulted,faulted mremap merge too
> > >
> > > that went into 6.19 might have resolved this problem.
> >
> > Ahhh, no not that one (it affects merge of VMAs that have a CoW hierarchy which
> > we shouldn't allow) but 61f67c230a5e actually could cause this.
> >
> > Can see from https://kernel.dance/#61f67c230a5e it was backported to 6.18.7 I
> > think.
> >
> > ZhengYuan - can you try seeing if it repro's with/without that?
> >
> > If you're testing literally at v6.18 in Linus's tree say and NOT on a stable
> > tree, then that's your problem - you're essentially testing a known-buggy kernel
> > (we always find stuff later and send to stable, just how it is).
>
> I can reproduce the issue on 6.18.7, but I can no longer reproduce it on 6.18.8.
> So it does look like the problem has already been fixed by commit 61f67c230a5e.
>
> Thanks everyone for the insights and pointers.
Pointers always makes me think of https://xkcd.com/138/ ;)
Thanks for reporting the issue, I'm glad that the fix has that handled (mea
culpa for introducing the bug! :)
>
> This issue was originally found by our fuzzing tool. Unfortunately,
> our reproducer generation is still a bit unreliable, so I cannot
> provide a standalone reproducer at the moment. However, given that the
> issue appears to be fixed, I suppose that is no longer strictly
> necessary.
>
> Let me know if further testing is needed.
No that's fine, you've confirmed the expected revisions and really I think it
has to be that fix that got it.
>
> Thanks,
> ZhengYuan Huang
Cheers, Lorenzo
prev parent reply other threads:[~2026-04-22 10:20 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-17 1:16 [PATCH] mm: prepare anon_vma before swapin rmap ZhengYuan Huang
2026-04-17 4:03 ` Matthew Wilcox
2026-04-18 9:38 ` Lorenzo Stoakes
2026-04-17 10:53 ` David Hildenbrand (Arm)
2026-04-17 11:57 ` David Hildenbrand (Arm)
2026-04-17 13:03 ` Matthew Wilcox
2026-04-17 13:36 ` Vlastimil Babka (SUSE)
2026-04-17 15:09 ` Matthew Wilcox
2026-04-18 9:35 ` Lorenzo Stoakes
2026-04-19 8:19 ` David Hildenbrand (Arm)
2026-04-19 14:21 ` Lorenzo Stoakes
2026-04-22 7:59 ` ZhengYuan Huang
2026-04-22 10:20 ` Lorenzo Stoakes [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aeigig1ebWkMYgLX@lucifer \
--to=ljs@kernel.org \
--cc=Liam.Howlett@oracle.com \
--cc=akpm@linux-foundation.org \
--cc=baijiaju1990@gmail.com \
--cc=david@kernel.org \
--cc=gality369@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mhocko@suse.com \
--cc=r33s3n6@gmail.com \
--cc=rppt@kernel.org \
--cc=surenb@google.com \
--cc=vbabka@kernel.org \
--cc=willy@infradead.org \
--cc=zzzccc427@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox