Date: Mon, 19 May 2025 22:46:45 -0700
In-Reply-To: <7d20b14c-5739-4556-9f6e-d19cc7e3ee9b@amd.com>
Message-ID: <682c1745.a00a0220.7a43a.0084.GAE@google.com>
Subject: Re: [syzbot] [mm?] WARNING in folio_large_mapcount
From: syzbot
To: shivankg@amd.com
Cc: akpm@linux-foundation.org, baolin.wang@linux.alibaba.com, david@redhat.com, dev.jain@arm.com, liam.howlett@oracle.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, lorenzo.stoakes@oracle.com, npache@redhat.com, ryan.roberts@arm.com, shivankg@amd.com, syzkaller-bugs@googlegroups.com, willy@infradead.org, ziy@nvidia.com

> On 5/19/2025 6:56 PM, David Hildenbrand wrote:
>> On 17.05.25 10:21, syzbot wrote:
>>> Hello,
>>>
>>> syzbot found the following issue on:
>>>
>>> HEAD commit:    627277ba7c23 Merge tag 'arm64_cbpf_mitigation_2025_05_08' ..
>>> git tree:       upstream
>>> console output: https://syzkaller.appspot.com/x/log.txt?x=1150f670580000
>>> kernel config:  https://syzkaller.appspot.com/x/.config?x=5929ac65be9baf3c
>>> dashboard link: https://syzkaller.appspot.com/bug?extid=2b99589e33edbe9475ca
>>> compiler:       Debian clang version 20.1.2 (++20250402124445+58df0ef89dd6-1~exp1~20250402004600.97), Debian LLD 20.1.2
>>>
>>> Unfortunately, I don't have any reproducer for this issue yet.
>>>
>>> Downloadable assets:
>>> disk image: https://storage.googleapis.com/syzbot-assets/0a42ae72fe0e/disk-627277ba.raw.xz
>>> vmlinux: https://storage.googleapis.com/syzbot-assets/0be88297bb66/vmlinux-627277ba.xz
>>> kernel image: https://storage.googleapis.com/syzbot-assets/31808a4b1210/bzImage-627277ba.xz
>>>
>>> IMPORTANT: if you fix the issue, please add the following tag to the commit:
>>> Reported-by: syzbot+2b99589e33edbe9475ca@syzkaller.appspotmail.com
>>>
>>> ------------[ cut here ]------------
>>> WARNING: CPU: 1 PID: 38 at ./include/linux/mm.h:1335 folio_large_mapcount+0xd0/0x110 include/linux/mm.h:1335
>>
>> This should be
>>
>> VM_WARN_ON_FOLIO(!folio_test_large(folio), folio);
>>
>>> Modules linked in:
>>> CPU: 1 UID: 0 PID: 38 Comm: khugepaged Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full)
>>> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
>>> RIP: 0010:folio_large_mapcount+0xd0/0x110 include/linux/mm.h:1335
>>> Code: 04 38 84 c0 75 29 8b 03 ff c0 5b 41 5e 41 5f e9 96 d2 2b 09 cc e8 d0 cb 99 ff 48 89 df 48 c7 c6 20 de 77 8b e8 a1 dc de ff 90 <0f> 0b 90 eb b6 89 d9 80 e1 07 80 c1 03 38 c1 7c cb 48 89 df e8 87
>>> RSP: 0018:ffffc90000af77e0 EFLAGS: 00010246
>>> RAX: e1fcb38c0ff8ce00 RBX: ffffea00014c8000 RCX: e1fcb38c0ff8ce00
>>> RDX: 0000000000000001 RSI: ffffffff8d9226df RDI: ffff88801e2fbc00
>>> RBP: ffffc90000af7b50 R08: ffff8880b8923e93 R09: 1ffff110171247d2
>>> R10: dffffc0000000000 R11: ffffed10171247d3 R12: 1ffffd4000299000
>>> R13: dffffc0000000000 R14: 0000000000000000 R15: dffffc0000000000
>>> FS:  0000000000000000(0000) GS:ffff8881261fb000(0000) knlGS:0000000000000000
>>> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>>> CR2: 00007ffe58f12dc0 CR3: 0000000030e04000 CR4: 00000000003526f0
>>> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
>>> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
>>> Call Trace:
>>>
>>>   folio_mapcount include/linux/mm.h:1369 [inline]
>>
>> And here we come through
>>
>> if (likely(!folio_test_large(folio))) {
>>     ...
>> }
>> return folio_large_mapcount(folio);
>>
>>
>> So the folio is split concurrently. And I think there is nothing stopping it from getting freed.
>>
>> We do a xas_for_each() under RCU. So yes, this is racy.
>>
>> In collapse_file(), we re-validate everything.
>>
>> We could
>>
>> (A) Take proper pagecache locks
>>
>> (B) Try grabbing a temporary folio reference
>>
>> (C) Try snapshotting the folio
>>
>> Probably, in this code, (B) might be cleanest for now? Handling it just like other code in mm/filemap.c.
>>
>
> Hi,
>
> I've implemented your suggestion (B) using folio_try_get().
> Could you please review if my patch looks correct?
>
> Tested it using existing selftests: sudo make -C tools/testing/selftests/mm run_tests
>
> Other two instances of is_refcount_suitable() use folio locking. Should we maintain
> consistency with those?
>
> Thanks,
> Shivank
>
> #syz test

This crash does not have a reproducer. I cannot test it.
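
Option (B) from the quoted discussion, sketched as a user-space C11 model: this is an added example, not the patch under review and not kernel code. `struct obj`, `slot`, `obj_try_get()`, `obj_put()` and `read_mapcount_pinned()` are hypothetical names standing in for the folio, the page-cache slot and the kernel's reference helpers.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical stand-in for a folio: refcount 0 means "being freed". */
struct obj {
    atomic_int refcount;
    int mapcount;
};

/* Hypothetical stand-in for one page-cache slot that is read locklessly. */
static _Atomic(struct obj *) slot;

/* Take a reference only while the count is non-zero (inc-not-zero). */
static bool obj_try_get(struct obj *o)
{
    int old = atomic_load(&o->refcount);

    while (old != 0)
        if (atomic_compare_exchange_weak(&o->refcount, &old, old + 1))
            return true;
    return false;
}

static void obj_put(struct obj *o)
{
    atomic_fetch_sub(&o->refcount, 1);
}

/*
 * 'seen' is the pointer the lockless walk loaded earlier. Pin it, check the
 * slot still holds it, then read. Returns -1 if the entry must be skipped.
 */
static int read_mapcount_pinned(struct obj *seen)
{
    int ret;

    if (!seen || !obj_try_get(seen))
        return -1;                     /* object is already on its way out */
    if (seen != atomic_load(&slot)) {
        obj_put(seen);                 /* slot was replaced under us */
        return -1;
    }
    ret = seen->mapcount;              /* read only while the reference is held */
    obj_put(seen);
    return ret;
}
```

Every exit path drops the temporary reference it took, so a skipped entry leaves the count exactly as it was found.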