From: Hillf Danton
To: syzbot
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [mm?] WARNING in __folio_rmap_sanity_checks (2)
Date: Tue, 31 Dec 2024 16:41:06 +0800
Message-ID: <20241231084108.1146-1-hdanton@sina.com>
In-Reply-To: <676f84f5.050a0220.2f3838.0493.GAE@google.com>

On Fri, 27 Dec 2024 20:56:21 -0800
> syzbot has found a reproducer for the following issue on:
>
> HEAD commit: 8155b4ef3466 Add linux-next specific files for 20241220
> git tree: linux-next
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1652fadf980000

#syz test

--- x/mm/filemap.c +++ y/mm/filemap.c @@ -3636,6 +3636,10 @@ static vm_fault_t filemap_map_folio_rang continue; skip: if (count) { + for (unsigned int i = 0; i < count; i++) { + if (page_folio(page + i) != folio) + goto out; + } set_pte_range(vmf, folio, page, count, addr); *rss += count; folio_ref_add(folio, count); @@ -3658,6 +3662,7 @@ skip: ret = VM_FAULT_NOPAGE; } +out: vmf->pte = old_ptep; return ret; 
@@ -3702,7 +3707,7 @@ vm_fault_t filemap_map_pages(struct vm_f struct file *file = vma->vm_file; struct address_space *mapping = file->f_mapping; pgoff_t file_end, last_pgoff = start_pgoff; - unsigned long addr; + unsigned long addr, pmd_end; XA_STATE(xas, &mapping->i_pages, start_pgoff); struct folio *folio; vm_fault_t ret = 0; @@ -3731,6 +3736,12 @@ vm_fault_t filemap_map_pages(struct vm_f if (end_pgoff > file_end) end_pgoff = file_end; + /* make vmf->pte[x] valid */ + pmd_end = ALIGN(addr, PMD_SIZE); + pmd_end = (pmd_end - addr) >> PAGE_SHIFT; + if (end_pgoff - start_pgoff > pmd_end) + end_pgoff = start_pgoff + pmd_end; + folio_type = mm_counter_file(folio); do { unsigned long end; --
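
Review bot: in the first hunk (filemap_map_folio_range, the `if (count)` block after `skip:`), the new `page_folio(page + i) != folio` check exits silently through `goto out`, so a test run that stops warning shows that a batch crossed out of `folio` but not at which index or with what `count`. Put a WARN_ON_ONCE or a print carrying `i` and `count` on that path, and add a comment stating the invariant being tested (every page in `page` .. `page + count - 1` belongs to `folio`). The jump also skips `set_pte_range`, `*rss += count` and `folio_ref_add` for the whole batch, including the pages before index `i` that did match; if this is meant to grow into a fix rather than a probe, trimming `count` to `i` would keep the valid part.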
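
Review bot: in the second hunk, the `out:` label sits after the closing brace of the block that assigns `ret = VM_FAULT_NOPAGE`, so the early exit added in the first hunk returns whatever `ret` held before that block and only restores `vmf->pte = old_ptep`. A one-line comment at the label saying which return value the folio-mismatch path is expected to produce would make that intent reviewable.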
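
Review bot: in the last hunk (filemap_map_pages, right after the `file_end` clamp), `ALIGN(addr, PMD_SIZE)` rounds up and returns `addr` unchanged when `addr` is already PMD-aligned, so `pmd_end` becomes 0 and the `if` collapses `end_pgoff` to `start_pgoff`. Handle the aligned case explicitly or round up from `addr + 1`. `pmd_end` also holds an address on one line and a page count on the next; two names (one for the boundary address, one for the number of pages left before it) would read better, and the declaration in the previous hunk would change with them. The comment `/* make vmf->pte[x] valid */` should spell out which bound it enforces and whether `end_pgoff` is treated as inclusive in the comparison `end_pgoff - start_pgoff > pmd_end`.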