From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id AC099C02198
	for <linux-mm@archiver.kernel.org>; Wed, 12 Feb 2025 18:48:22 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 143CB6B0085; Wed, 12 Feb 2025 13:48:22 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 0FD936B0089; Wed, 12 Feb 2025 13:48:22 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id ED5B6280001; Wed, 12 Feb 2025 13:48:21 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11])
	by kanga.kvack.org (Postfix) with ESMTP id CFC476B0085
	for <linux-mm@kvack.org>; Wed, 12 Feb 2025 13:48:21 -0500 (EST)
Received: from smtpin20.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay05.hostedemail.com (Postfix) with ESMTP id 9286949126
	for <linux-mm@kvack.org>; Wed, 12 Feb 2025 18:48:21 +0000 (UTC)
X-FDA: 83112178002.20.444D431
Received: from mail-qt1-f176.google.com (mail-qt1-f176.google.com [209.85.160.176])
	by imf27.hostedemail.com (Postfix) with ESMTP id B5D7440013
	for <linux-mm@kvack.org>; Wed, 12 Feb 2025 18:48:19 +0000 (UTC)
Authentication-Results: imf27.hostedemail.com;
	dkim=pass header.d=gmail.com header.s=20230601 header.b=GuxqfhGS;
	spf=pass (imf27.hostedemail.com: domain of joannelkoong@gmail.com designates 209.85.160.176 as permitted sender) smtp.mailfrom=joannelkoong@gmail.com;
	dmarc=pass (policy=none) header.from=gmail.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1739386099;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=ZASkp6PCL8/WlHtTvN4bXlrF7OXxOuY1zeD3mdzMNtA=;
	b=kbGrp7iK6M05y7a6KYZkwCuL5Xgl1S8oBh5ElVWGbhi2j4c1okHJAh+bfjVgKx8Cf3brhy
	rZVuQxVQVbUvs9JUoCaESVOzNlMHtkQeRdF4nzDThN5q1LwJhWerQGXyLP/u14AWMi1jFl
	jTvzwhrizp8XHbrQl9Un2AXr7UDCExY=
ARC-Authentication-Results: i=1;
	imf27.hostedemail.com;
	dkim=pass header.d=gmail.com header.s=20230601 header.b=GuxqfhGS;
	spf=pass (imf27.hostedemail.com: domain of joannelkoong@gmail.com designates 209.85.160.176 as permitted sender) smtp.mailfrom=joannelkoong@gmail.com;
	dmarc=pass (policy=none) header.from=gmail.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1739386099; a=rsa-sha256;
	cv=none;
	b=h85e9HeUezqCDLe8EAvn70vOHtfyPk+NsoFZfRAsq4dn610rzuGmiqb3sOfclVXyCxBxq1
	IxNRLcT9W4Xi3E7XKLRGM23RP1AEHCOVG/+QCuAucgQ1SIQlLZytxP4gCdKkWm0HSeRqLr
	7GsLq3lICnddLPcNl2TqSaVAhymOg/U=
Received: by mail-qt1-f176.google.com with SMTP id d75a77b69052e-471b71421afso10373891cf.3
        for <linux-mm@kvack.org>; Wed, 12 Feb 2025 10:48:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1739386099; x=1739990899; darn=kvack.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=ZASkp6PCL8/WlHtTvN4bXlrF7OXxOuY1zeD3mdzMNtA=;
        b=GuxqfhGSsIZHeOM6dqtLZbi33LCSvUdXnbImFypGZ96FAwDDNELLXHHxIrszW15dTF
         I00p5s6dj4QKnb8NoRw1qQ/2kWjRaCiL6c6Pj64RrsykreafN8ciXQ2KcpM34bkda7yK
         IROVZPavTsgda+nNvtEUgr2i/MdkIY8K0TA+SoRpWV3QTI2/XmzBCdm3AdHrXi+MBKku
         5pKLrnpzedq3pH/X4+gbM2Tztn+V0vTw0Wns3uFcYORfDKofIWfSG9XTBDAFwktdMgDN
         YwFAub61P4F4Dnmh6z7wT/RIJhFtb/DtoXZlOrpx+M/gr4KTEDzpqii+RFy7dCVj6Is4
         WMug==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1739386099; x=1739990899;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=ZASkp6PCL8/WlHtTvN4bXlrF7OXxOuY1zeD3mdzMNtA=;
        b=kw7Xlhs9OZwtw9id5xUCfHjN01VgpwTWR7cy0L+HcpXGCc8vQ8CAidy/75eYtWavvt
         sRsYbKLE58hgFv/3KlXAaHOqq/PsZ27F6mUEvsI+ZW4oi+/7hVHvwPz/x1vpYsfrrCFq
         Ny1G7zottpCJvX3DFuhUBuflNfMlAEKPFjyo6VN+ZJZGgrswtiktg/qjA3zOOqrgnA79
         ObVZrOxxsNDCeX0fo0CeB6/rPDu0d38xnjZ5r7oGYny4qtdTheloBeIk/CLOb422kvCP
         bRxcnkdK5ewluWv/i+xLt2W/zuWDDS0YVQvcZfCaEqFPfvQqcElHntfNqVwSV2ZbTgQv
         WfFQ==
X-Forwarded-Encrypted: i=1; AJvYcCXclwdWQNMNujxO284CTa4y1FLeQWCgaxwmXImow43iHalHjnl88BYyd5CtWD+lcAU73kvi2v+N9g==@kvack.org
X-Gm-Message-State: AOJu0YzXfA5lVTbyrjuNJKE7tqsYQLodKn1XBN7/IPput6MGBt+8J03H
	0ZwznNxsBcY3RBx31JAqqM8/pitPfIF87Q4o2T0MMNP2qk68h6/O71inuEwWh6bSh094JTeswNL
	BvvqYpcUaxkmMkXIN6M5ptRhxAn8=
X-Gm-Gg: ASbGncudJKVdoklQXN5fKI3sfuxfbVykkk4ozXaM6h4QhiD8uJ9P8Og1gIO+mfwWSm9
	ucIz6WhQ3trbiMZ9y4BoDjlYDc7E9GeFhOVk4RXObyscTlhjmA6MZ5w+NiMxydn2rcP5I7WPGoR
	dty8UeGy7KwqM=
X-Google-Smtp-Source: AGHT+IFlFkV7aYZs2utz/iZsBLLt0+a7zY/YwhAWQu45D2zt1uVzJM7iX/axNKQZ5Z6o1mUaT0iyZJqMYKvLu5Nm+Nc=
X-Received: by 2002:ac8:5a0c:0:b0:461:646c:b8fc with SMTP id
 d75a77b69052e-471afe505d8mr65715981cf.23.1739386098867; Wed, 12 Feb 2025
 10:48:18 -0800 (PST)
MIME-Version: 1.0
References: <2f681f48-00f5-4e09-8431-2b3dbfaa881e@heusel.eu>
 <CAJfpegtaTET+R7Tc1MozTQWmYfgsRp6Bzc=HKonO=Uq1h6Nzgw@mail.gmail.com>
 <9cd88643-daa8-4379-be0a-bd31de277658@suse.cz> <20250207172917.GA2072771@perftesting>
 <8f7333f2-1ba9-4df4-bc54-44fd768b3d5b@suse.cz> <CAJnrk1aNVMCfTjL0vo-Qki68-5t1W+6-bJHg+x67kHEo_-q0Eg@mail.gmail.com>
 <Z6ct4bEdeZwmksxS@casper.infradead.org> <CAJnrk1aY0ZFcS4JvmJL=icigencsCD8g4qmZiTuoPWj2S2Y_LQ@mail.gmail.com>
In-Reply-To: <CAJnrk1aY0ZFcS4JvmJL=icigencsCD8g4qmZiTuoPWj2S2Y_LQ@mail.gmail.com>
From: Joanne Koong <joannelkoong@gmail.com>
Date: Wed, 12 Feb 2025 10:48:07 -0800
X-Gm-Features: AWEUYZk-0djWTKrtRmi8VrGFoz0pLfNoKipNM8dCPw51QEUcZp_d7Q09JdxuGyQ
Message-ID: <CAJnrk1YB5c+wO0U=7aOiWAMaMwQCKUL1-FuvuPMjnB_gnjD28w@mail.gmail.com>
Subject: Re: [REGRESSION][BISECTED] Crash with Bad page state for FUSE/Flatpak
 related applications since v6.13
To: Matthew Wilcox <willy@infradead.org>
Cc: Vlastimil Babka <vbabka@suse.cz>, Josef Bacik <josef@toxicpanda.com>, 
	Miklos Szeredi <miklos@szeredi.hu>, Christian Heusel <christian@heusel.eu>, 
	Miklos Szeredi <mszeredi@redhat.com>, regressions@lists.linux.dev, 
	linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, 
	linux-mm <linux-mm@kvack.org>, =?UTF-8?Q?Mantas_Mikul=C4=97nas?= <grawity@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Rspamd-Server: rspam04
X-Rspamd-Queue-Id: B5D7440013
X-Stat-Signature: bahfpy1z96y66cepkizagugqpw4e9ytp
X-Rspam-User: 
X-HE-Tag: 1739386099-490351
X-HE-Meta: U2FsdGVkX1+qQ5L/IFLl89bv+NSt0sYX2sowZsJaOIrcbEV7iQgTDKCrUs5mOeJeCqd7wwHq2WVcc7L5ilxCSnueGFDrvWihXjTwEZk741Oyb5l3M8imDiLIJPP6x5W1l09ryzRPaPn+0mOMXao4rpFEg4FgG194cqppD/4udfBOoYDTpfRHHhpGm5sWlRvZh3IyKRG9KJCjyqPFP6ypkjO7f9+wOupua7cYlfsDH/Sy2cujdeeIlFNpj8Hq6+GyJ0Q6tM/hAqfLsZsNZbcry803Z5OoghZI4emqf+Cotizz1jFH9w7QZGCozYvoDCk71dLOjUZxcdhqMvvP5u+gMGNNGprZDEUnSYSEUxEt7dWAb6CAkqg+UygRCk/rXCkBW1fh90EJiTClH2vFCdw2TLJx0HmaCgHQJ9ggom3k0H+3OtxPi2s4TkrsZfMiurtmQ5Wy7fM3hVtHG+Bq21yxIx7exdvpawFKtR5rVZbVE/iKaoJKlk1iPcminrMWM9VEgaIMWixA3ImnxU0vQnqXe+968vQ+WZVe5SiyK5Ne+goViTZQiNbCpqco6fXmFPJMpq12Hx2Ui2fbcimhIfjl10yEhku5FOLSdpszaJWUAf+XKOuUdx36TOKJl04Ru9DJz08UZilkp5XAgnw97mudTsmkoiliv2/2AcUfy4DOIGvdrtr6i3TN3FQjpQ319fQUgYG46dHYk+QHzw/ULU29Lt/L5xR8yDVol7vS49u9Ck3cQQMX5xlh/VX6fPHStuGytouriLpYfmHlxGSBBhDpZn+mOeyhC5VGTbNb1JE8KyP7IENlvwAi+/R3364LfMpUOAE4vCTrwy0Es9xS5rZJm7h9eBesGSsnVQi1uGMsQTHWwcWIQ2kvKgEWinw0s4XUcro9EPEXxuAccDc1N78YFzgObBDGQdO+dz2NqO1spcTVPrIiZVfByBZRRBi2V9dX1bGOOlNFlVwwg0w7Auh
 rXHoSdr8
 S4xFphhjrCaOvJyXEl0QSKstnPiM7FKYrPLwuVOb9wW2FgqF+O7bDPF+pjpJzZPqKlBAeuG39yhGudYp78LjWQPUYnqGEHx1R9EPqZzXLBNaGNsuq5F0iuyF/lh3+P3oLP31DWJYjs6VN/qPm9O7nlmxS4Fjg4elJxQFGEZ8+X5+1Zu+4Cb9bx+D1o8II5Rg/zOe8GxnVONOEN3bzqe7XB1vNPfpJS7UhKd2lda0vd4t8Lep2LvRibHXYybweJBOoT7PqaZzNccfg8c/wZ6QFA0A6gnOioBNbF1UqU1CSTXA0b4zLf72FWuXtnf+yZMyhU6PxXknATRVWV61rsAy4AJ5UIopMRY8tSO9dk5P12Lq56uDGNqhiBV97Kyb+lSwHzjwXq0AxhnlYqkSFbAv4R9TjnA==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

On Sat, Feb 8, 2025 at 7:46=E2=80=AFAM Joanne Koong <joannelkoong@gmail.com=
> wrote:
>
> On Sat, Feb 8, 2025 at 2:11=E2=80=AFAM Matthew Wilcox <willy@infradead.or=
g> wrote:
> >
> > On Fri, Feb 07, 2025 at 04:22:56PM -0800, Joanne Koong wrote:
> > > > Thanks, Josef. I guess we can at least try to confirm we're on the =
right track.
> > > > Can anyone affected see if this (only compile tested) patch fixes t=
he issue?
> > > > Created on top of 6.13.1.
> > >
> > > This fixes the crash for me on 6.14.0-rc1. I ran the repro using
> > > Mantas's instructions for Obfuscate. I was able to trigger the crash
> > > on a clean build and then with this patch, I'm not seeing the crash
> > > anymore.
> >
> > Since this patch fixes the bug, we're looking for one call to folio_put=
()
> > too many.  Is it possibly in fuse_try_move_page()?  In particular, this
> > one:
> >
> >         /* Drop ref for ap->pages[] array */
> >         folio_put(oldfolio);
> >
> > I don't know fuse very well.  Maybe this isn't it.
>
> Yeah, this looks it to me. We don't grab a folio reference for the
> ap->pages[] array for readahead and it tracks with Mantas's
> fuse_dev_splice_write() dmesg. this patch fixed the crash for me when
> I tested it yesterday:
>
> diff --git a/fs/fuse/file.c b/fs/fuse/file.c
> index 7d92a5479998..172cab8e2caf 100644
> --- a/fs/fuse/file.c
> +++ b/fs/fuse/file.c
> @@ -955,8 +955,10 @@ static void fuse_readpages_end(struct fuse_mount
> *fm, struct fuse_args *args,
>                 fuse_invalidate_atime(inode);
>         }
>
> -       for (i =3D 0; i < ap->num_folios; i++)
> +       for (i =3D 0; i < ap->num_folios; i++) {
>                 folio_end_read(ap->folios[i], !err);
> +               folio_put(ap->folios[i]);
> +       }
>         if (ia->ff)
>                 fuse_file_put(ia->ff, false);
>
> @@ -1049,6 +1051,7 @@ static void fuse_readahead(struct readahead_control=
 *rac)
>
>                 while (ap->num_folios < cur_pages) {
>                         folio =3D readahead_folio(rac);
> +                       folio_get(folio);
>                         ap->folios[ap->num_folios] =3D folio;
>                         ap->descs[ap->num_folios].length =3D folio_size(f=
olio);
>                         ap->num_folios++;
>
>
> I reran it just now with a printk by that ref drop in
> fuse_try_move_page() and I'm indeed seeing that path get hit.
>
> Not sure why fstests didn't pick this up though since splice is
> enabled by default in passthrough_hp, i'll look into this next week.

This wasn't hit in fstests because passthrough_hp doesn't set
SPLICE_F_MOVE. After adding that, I was able to trigger this crash by
running generic/075. I'll send out a libfuse pr for this