From: Josef Bacik <josef@toxicpanda.com>
To: Vlastimil Babka <vbabka@suse.cz>
Cc: "Miklos Szeredi" <miklos@szeredi.hu>,
"Christian Heusel" <christian@heusel.eu>,
"Miklos Szeredi" <mszeredi@redhat.com>,
regressions@lists.linux.dev, linux-kernel@vger.kernel.org,
linux-fsdevel@vger.kernel.org,
"Joanne Koong" <joannelkoong@gmail.com>,
"Matthew Wilcox" <willy@infradead.org>,
linux-mm <linux-mm@kvack.org>,
"Mantas Mikulėnas" <grawity@gmail.com>
Subject: Re: [REGRESSION][BISECTED] Crash with Bad page state for FUSE/Flatpak related applications since v6.13
Date: Fri, 7 Feb 2025 12:29:17 -0500 [thread overview]
Message-ID: <20250207172917.GA2072771@perftesting> (raw)
In-Reply-To: <9cd88643-daa8-4379-be0a-bd31de277658@suse.cz>
On Fri, Feb 07, 2025 at 05:49:34PM +0100, Vlastimil Babka wrote:
> On 2/7/25 10:34, Miklos Szeredi wrote:
> > [Adding Joanne, Willy and linux-mm].
> >
> >
> > On Thu, 6 Feb 2025 at 11:54, Christian Heusel <christian@heusel.eu> wrote:
> >>
> >> Hello everyone,
> >>
> >> we have recently received [a report][0] on the Arch Linux Gitlab about
> >> multiple users having system crashes when using Flatpak programs and
> >> related FUSE errors in their dmesg logs.
> >>
> >> We have subsequently bisected the issue within the mainline kernel tree
> >> to the following commit:
> >>
> >> 3eab9d7bc2f4 ("fuse: convert readahead to use folios")
>
> I see that commit removes folio_put() from fuse_readpages_end(). Also it now
> uses readahead_folio() in fuse_readahead() which does folio_put(). So that's
> suspicious to me. It might be storing pointers to pages to ap->pages without
> pinning them with a refcount.
>
> But I don't understand the code enough to know what's the proper fix. A
> probably stupid fix would be to use __readahead_folio() instead and keep the
> folio_put() in fuse_readpages_end().
Agreed, I'm also confused as to what the right thing is here. It appears the
rules are "if the folio is locked, nobody messes with it", so it's not "correct"
to hold a reference on the folio while it's being read. I don't love this way
of dealing with folios, but that seems to be the way it's always worked.
I went and looked at a few of the other file systems and we have NFS which holds
it's own reference to the folio while the IO is outstanding, which FUSE is most
similar to NFS so this would make sense to do.
Btrfs however doesn't do this, BUT we do set_folio_private (or whatever it's
called) so that keeps us from being reclaimed since we'll try to lock the folio
before we do the reclaim.
So perhaps that's the issue here? We need to have a private on the folio + the
folio locked to make sure it doesn't get reclaimed while it's out being read?
I'm knee deep in other things, if we want a quick fix then I think your
suggestion is correct Vlastimil. But I definitely want to know what Willy
expects to be the proper order of operations here, and if this is exactly what
we're supposed to be doing then something else is going wrong and we should try
to reproduce locally and figure out what's happening. Thanks,
Josef
next prev parent reply other threads:[~2025-02-07 17:29 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <2f681f48-00f5-4e09-8431-2b3dbfaa881e@heusel.eu>
2025-02-07 9:34 ` Miklos Szeredi
2025-02-07 9:45 ` Matthew Wilcox
2025-02-07 10:25 ` Vlastimil Babka
2025-02-07 10:43 ` Miklos Szeredi
2025-02-07 10:55 ` Vlastimil Babka
2025-02-07 11:16 ` Bernd Schubert
2025-02-07 18:21 ` Bernd Schubert
2025-02-07 18:40 ` Joanne Koong
2025-02-08 0:02 ` Bernd Schubert
2025-02-08 12:25 ` Mantas Mikulėnas
2025-02-07 20:35 ` Mantas Mikulėnas
2025-02-07 11:00 ` Mantas Mikulėnas
2025-02-07 16:49 ` Vlastimil Babka
2025-02-07 17:29 ` Josef Bacik [this message]
2025-02-07 18:39 ` Vlastimil Babka
2025-02-07 22:29 ` Matthew Wilcox
2025-02-08 0:22 ` Joanne Koong
2025-02-08 10:11 ` Matthew Wilcox
2025-02-08 15:46 ` Joanne Koong
2025-02-10 8:27 ` Vlastimil Babka
2025-02-10 18:13 ` Joanne Koong
2025-02-10 19:12 ` Josef Bacik
2025-02-10 19:42 ` Jeff Layton
2025-02-10 20:36 ` Matthew Wilcox
2025-02-10 22:38 ` Jeff Layton
2025-02-11 14:01 ` Jeff Layton
2025-02-11 19:23 ` Joanne Koong
2025-02-11 19:41 ` Jeff Layton
2025-02-11 21:10 ` Joanne Koong
2025-02-11 21:01 ` Vlastimil Babka
2025-02-11 21:21 ` Joanne Koong
2025-02-10 18:58 ` Jeff Layton
2025-02-12 18:48 ` Joanne Koong
2025-02-10 8:52 ` [PATCH] fuse: prevent folio use-after-free in readahead Vlastimil Babka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250207172917.GA2072771@perftesting \
--to=josef@toxicpanda.com \
--cc=christian@heusel.eu \
--cc=grawity@gmail.com \
--cc=joannelkoong@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=miklos@szeredi.hu \
--cc=mszeredi@redhat.com \
--cc=regressions@lists.linux.dev \
--cc=vbabka@suse.cz \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox