From: Hillf Danton
To: syzbot
Cc: David Hildenbrand, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com, Matthew Wilcox
Subject: Re: [syzbot] [mm?] kernel BUG in const_folio_flags (2)
Date: Thu, 28 Nov 2024 21:03:40 +0800
Message-Id: <20241128130340.2021-1-hdanton@sina.com>
In-Reply-To: <27bc1008-dce1-4fad-9142-0b74069da4d9@redhat.com>
References: <674184c9.050a0220.1cc393.0001.GAE@google.com> <20241128114249.1903-1-hdanton@sina.com> <1176656f-96a8-4e99-a4c2-7354b7cfd03c@redhat.com>

On Thu, 28 Nov 2024 13:23:15 +0100 David Hildenbrand
>
> Ah, now I get it; at the point in time we check it actually isn't in
> the pagecache anymore. We perform a folio_test_locked() check before the
> folio_try_get(), which is wrong as the folio can get freed+reallocated
> in the meantime.
>
> The easy fix would be:

#syz test

--- x/mm/filemap.c +++ y/mm/filemap.c
@@ -3502,10 +3502,10 @@ static struct folio *next_uptodate_folio continue; if (xa_is_value(folio)) continue; - if (folio_test_locked(folio)) - continue; if (!folio_try_get(folio)) continue; + if (folio_test_locked(folio)) + goto skip; /* Has the page moved or been split? */ if (unlikely(folio != xas_reload(xas))) goto skip; --
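
Review bot: In the added lines of next_uptodate_folio(), folio_test_locked() now runs after folio_try_get() but still ahead of the "folio != xas_reload(xas)" recheck, so the lock flag can be read on a folio that has already moved or been split away from this index. That is no longer the unreferenced read the quoted analysis describes, but the test would be more meaningful placed after the reload check. The switch from continue to goto skip is only correct if the skip label drops the reference taken by folio_try_get(), as the existing xas_reload() failure path implies; the label is not visible in this hunk, so that is worth confirming. A short comment above the test stating that the flag must not be read without a reference, because the folio can be freed and reallocated in the meantime, would keep the ordering from being undone later.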