From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id EB62FC02198 for ; Sat, 8 Feb 2025 15:47:03 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 2E99B6B0088; Sat, 8 Feb 2025 10:47:03 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 298B86B008A; Sat, 8 Feb 2025 10:47:03 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 113B96B008C; Sat, 8 Feb 2025 10:47:03 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id E7DB56B0088 for ; Sat, 8 Feb 2025 10:47:02 -0500 (EST) Received: from smtpin10.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 911A812277E for ; Sat, 8 Feb 2025 15:47:02 +0000 (UTC) X-FDA: 83097205884.10.2AB4AEF Received: from mail-qt1-f170.google.com (mail-qt1-f170.google.com [209.85.160.170]) by imf16.hostedemail.com (Postfix) with ESMTP id ADE2D18000D for ; Sat, 8 Feb 2025 15:47:00 +0000 (UTC) Authentication-Results: imf16.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b="IDM7/pCf"; spf=pass (imf16.hostedemail.com: domain of joannelkoong@gmail.com designates 209.85.160.170 as permitted sender) smtp.mailfrom=joannelkoong@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1739029620; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=4fOnrK9Ez1FxS3AJL66DzUp4872IstaGG4vVRCtFBhM=; b=bYn/wQkM4n95mna54UYAdQ7x6oWuAdusTm8s0W9FEuhcUxmNX7GIFFkfu3H6YVEiJHt2ph 8HDlL3ubc9iTtEkzVHjZO5tMGy0Qjz5AtklaAazS03q19ZXhBsJ1oPAr6SDKn8wH7tfZIr ufIZf7DiqdzvQRMz2wbj1JdFREisBzA= ARC-Authentication-Results: i=1; imf16.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b="IDM7/pCf"; spf=pass (imf16.hostedemail.com: domain of joannelkoong@gmail.com designates 209.85.160.170 as permitted sender) smtp.mailfrom=joannelkoong@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1739029620; a=rsa-sha256; cv=none; b=5lK5Xhhzxx80vrfIcOu4znFoeI+3yDOQaN0lEgWs3DMTTh5B0G3cP/yaxrsLlQlnMC5DEy AazD/Z1ekc7a2xMz3QsC1IsG9BydEWdVz0okdddHlR41kc6GdhuERShAYuHyi8o2d95Z+n I3DBHlCFizPwP+ND/sOU9TrzEo9TFa8= Received: by mail-qt1-f170.google.com with SMTP id d75a77b69052e-467b086e0easo16046711cf.1 for ; Sat, 08 Feb 2025 07:47:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1739029620; x=1739634420; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=4fOnrK9Ez1FxS3AJL66DzUp4872IstaGG4vVRCtFBhM=; b=IDM7/pCfDzvdxWDqC0X49k+D8y/b5uSs0L2chIBa+8gfs+TYR/U/NCcqj1ImMRV100 V6PQnYcIvedeQCy+/Ycbo8nquj3C/cN7obnlo7e1FwOHNf+ehPYKPtD/Ckjjbt0ueskP Ap0GFNLJLwz7WoDWgZpBWcxZ652do/zKl56mQKDButIsA5/16yG64koBnNYv0TJi6Y5/ 4lF3FuWPNZxA8GwygmC91JtYwNAIS0GYZQL0c/2y1lV0jefPc0cvXa3CTjS/teftegzh HR2pHqjIMtrgmW4KueWnrvO+sTrBnvsrfAWHlQPSF/1OkC8jbQcEQokGrUCsYlMRw/jK J14g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1739029620; x=1739634420; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=4fOnrK9Ez1FxS3AJL66DzUp4872IstaGG4vVRCtFBhM=; b=FvsBZaJ9NBORe9HMhv9LQZE09oe4ZBJxzHrwfEneaNtrp6jcBpbAs/Xu/M/m2HMhdW wco4B+NqE3e3nRxSVlvbjW2x7prjNmVEsV6NTjvq+hVOOjk1/zy04bHlcffcuCKIoq7C b+4+UdemitVzUOtplXRrwlYyMPd24Je/WWMSnQiYlERLKIOUjMfItR0FWTFUDnjWnCKH XkexXTlFcCzfmcBjeRkn3LzuzQjZm28lAo8fDFD7rhehbQRFV2RrnvpTsTcLYKzpILvH 6RUqjONRSyCjMszK9hKe2PU29XACVuS/PLW4TdXllPKpmBX9oiJnDZ/OX3wktKdspH+h a7Bw== X-Forwarded-Encrypted: i=1; AJvYcCXYFnQmXfh/8U9b0yeLajXly/zbNsjhamMjU2plo3+KGbUEdG99/jFUIF91NVqOSwq5E3NeSDOoag==@kvack.org X-Gm-Message-State: AOJu0YwmBHvqeFRm+p7Xk5JW6MvbFTR9Omvc4DDhnqu+lSv7/EUr5uQV vvOt6edFr/JXrEFrzu6xmxwwsrOC3gyE6GYvzM4f0uXOjvDR40hRqsggj0YjGFc4FQ3bSuSFzDo 4RO+l3Qt8dN6BEz/47PKt/inCiOP+vRE+pts= X-Gm-Gg: ASbGncvNlDf3bKV/eeFjiGUr/2Cb5CbYgh2oaaZe9HGi5LdyZMNxFjTvu+EBnHlxr8n ARBrZm7I78xfci6P1f7dWozZnskYPNlgQjYh6Ps+smcwtx6gOGoJoyw7bIGLPyHCjjwNDDSHcAQ == X-Google-Smtp-Source: AGHT+IFSh4Mb6rl+oRG62Z0H13C2MR3PfJXfuPqUV/E9DdliMmk9tvl6Kyi3LNNOMS6rezVnMSgNza0FH6hi6ihzvh0= X-Received: by 2002:a05:622a:107:b0:467:706f:14b7 with SMTP id d75a77b69052e-47167a5327dmr98645921cf.30.1739029619751; Sat, 08 Feb 2025 07:46:59 -0800 (PST) MIME-Version: 1.0 References: <2f681f48-00f5-4e09-8431-2b3dbfaa881e@heusel.eu> <9cd88643-daa8-4379-be0a-bd31de277658@suse.cz> <20250207172917.GA2072771@perftesting> <8f7333f2-1ba9-4df4-bc54-44fd768b3d5b@suse.cz> In-Reply-To: From: Joanne Koong Date: Sat, 8 Feb 2025 07:46:48 -0800 X-Gm-Features: AWEUYZlmX7UqjYolQF--Dd82_LLes-B_HkoK5EPAEx4gxpTBKL3nR7nmvwna1lU Message-ID: Subject: Re: [REGRESSION][BISECTED] Crash with Bad page state for FUSE/Flatpak related applications since v6.13 To: Matthew Wilcox Cc: Vlastimil Babka , Josef Bacik , Miklos Szeredi , Christian Heusel , Miklos Szeredi , regressions@lists.linux.dev, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm , =?UTF-8?Q?Mantas_Mikul=C4=97nas?= Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspam-User: X-Rspamd-Server: rspam11 X-Rspamd-Queue-Id: ADE2D18000D X-Stat-Signature: 3ib7apsfe36x48rp65pjd3cayr4wchxg X-HE-Tag: 1739029620-921029 X-HE-Meta: U2FsdGVkX1+PcWPoL83w/VG4F+fwjLHY/RlnHBMc40DAbo06AsLAk+c9f3YeY9Wpg/3dwb7zFrUGjE4mjDSb0iXuUwv4J/kUjpi3pPic2hDt/PO0bPTiGL341CaKOhB+lhW1bG4N4hZdYpuEy1+0AMnp/4IlyAuyktcHRPnz0fvh5srM0hiTIIizcNpmlBWt8CycHrIpyWIPKOX4r/K/wibFbFrAficHbeRidLJgWCTL4yUsSeMMIAOZ7Hq2Ti81gD7m6E2JJR3dkw0T0DTvClhCmYEksYvyJ848fttx8fcgGRFlYjEQEIPwbOyYmfbRqDAMjqZhxvgx9gMxsIECuiTHwhmgtE2XykoNOKP/g+rIpuOwr4Vvm7a4KR4h1Wr3k9swD+q9TnYo/lH7O3BbttHmD0o3q0niBuaB9mJpkpNsqh/8V8QXoxaLBwTQHZwTF9MeqE0z8gE2YJZP1EsHYq5G3vlNziRhCRcC+mCmuTLw8AwBtpRKhxkAXp1XkF4YN5O2Ox+VhhxoXShpE6NqN4sBVOplhQgbq7sFszsS2HUcQaZfZZoiH+8rg2xV3/Hbf3tVZxZxRDZQlrwbfCwMPyV4qcPjEB48msdfZvgX7A8tX1ZW1Y8dW83mQiVvAEeFWxOY8sSN/iTDqTJRcBTzA7OfJ2RL7SZKZIIhSuX/yzYWdkGztoPL4LLzY71pM3qJDfR+C9RFUIHiL74FjIc3tJcL6jSMWz/bFBT6VLYxC/Hj2dPX2EJGqsOu89x5ulbV1BNbjal8UTaaHJNUn0nOqq06njQ6UQ1Fen3lm8rYKbnyoALPRbJHHNJJ89BspVC+vGOi+yq2vJzoKe/y05p88wxnD13O8F+IDwJIZNMWxv//D0YhAVrM1YeFh2e3nTed2hpyt3bZuT2ZpB4SvZY1XUGhw2znenM5XESMd/nTxHWr3S5psJ5ZNcz6v58X5U6q70fD/qjCveF+tOQiS7x IAOfh9LI 3WE38EwYzS+kem2JZb6AMDRflEDc31Jl0iUNvJSBawAYqwyv2Bbj3n3xymB3t3IDYxZHZwSGcKchiwL2IofiRrr4U8+5cfmA6U8cytqxZZG1Ylw1i3XKQK7wb4a2jnT8tn2iquxQgQNHbrcR/l/jhVJg6aBpE9GF2x3gGHEMP8QWLCLgM/uoTPTM/H+0FgmMMiaACeou6zvgWrgka7MmDlMKqbpq4RE+YSipd2SFYPvDdIY8ojDQFMgXcDDnLCMfrrj+P6w1EFzKJjKhVWZQUSKudU5LrMjZfjGPD782rR7TGkmxUeQlPm4B+H4FAwaVtJYmeOsCBzl0oF/UkfwJbSdwxxWhuMU0Zwp/k6iNCVgwPsPUVyMvLjaGL9Bu5D00tv3yLrNPbo9H7JfqS+SicEl/F/FbORELIrGqQ X-Bogosity: Ham, tests=bogofilter, spamicity=0.000001, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Sat, Feb 8, 2025 at 2:11=E2=80=AFAM Matthew Wilcox = wrote: > > On Fri, Feb 07, 2025 at 04:22:56PM -0800, Joanne Koong wrote: > > > Thanks, Josef. I guess we can at least try to confirm we're on the ri= ght track. > > > Can anyone affected see if this (only compile tested) patch fixes the= issue? > > > Created on top of 6.13.1. > > > > This fixes the crash for me on 6.14.0-rc1. I ran the repro using > > Mantas's instructions for Obfuscate. I was able to trigger the crash > > on a clean build and then with this patch, I'm not seeing the crash > > anymore. > > Since this patch fixes the bug, we're looking for one call to folio_put() > too many. Is it possibly in fuse_try_move_page()? In particular, this > one: > > /* Drop ref for ap->pages[] array */ > folio_put(oldfolio); > > I don't know fuse very well. Maybe this isn't it. Yeah, this looks it to me. We don't grab a folio reference for the ap->pages[] array for readahead and it tracks with Mantas's fuse_dev_splice_write() dmesg. this patch fixed the crash for me when I tested it yesterday: diff --git a/fs/fuse/file.c b/fs/fuse/file.c index 7d92a5479998..172cab8e2caf 100644 --- a/fs/fuse/file.c +++ b/fs/fuse/file.c @@ -955,8 +955,10 @@ static void fuse_readpages_end(struct fuse_mount *fm, struct fuse_args *args, fuse_invalidate_atime(inode); } - for (i =3D 0; i < ap->num_folios; i++) + for (i =3D 0; i < ap->num_folios; i++) { folio_end_read(ap->folios[i], !err); + folio_put(ap->folios[i]); + } if (ia->ff) fuse_file_put(ia->ff, false); @@ -1049,6 +1051,7 @@ static void fuse_readahead(struct readahead_control *= rac) while (ap->num_folios < cur_pages) { folio =3D readahead_folio(rac); + folio_get(folio); ap->folios[ap->num_folios] =3D folio; ap->descs[ap->num_folios].length =3D folio_size(fol= io); ap->num_folios++; I reran it just now with a printk by that ref drop in fuse_try_move_page() and I'm indeed seeing that path get hit. Not sure why fstests didn't pick this up though since splice is enabled by default in passthrough_hp, i'll look into this next week.