Date: Fri, 10 Jan 2025 16:14:03 +0000
From: Matthew Wilcox
To: David Hildenbrand
Cc: syzbot, akpm@linux-foundation.org, hdanton@sina.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [mm?] WARNING in __folio_rmap_sanity_checks (2)
References: <676fee37.050a0220.2f3838.0497.GAE@google.com>

On Fri, Jan 10, 2025 at 04:48:03PM +0100, David Hildenbrand wrote:
> On 28.12.24 13:25, syzbot wrote:
> > syzbot has found a reproducer for the following issue on:
> >
> > HEAD commit:    8155b4ef3466 Add linux-next specific files for 20241220
> > git tree:       linux-next
> > console output: https://syzkaller.appspot.com/x/log.txt?x=1661050f980000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=9c90bb7161a56c88
> > dashboard link: https://syzkaller.appspot.com/bug?extid=c0673e1f1f054fac28c2
> > compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=17438af8580000
> > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=101006df980000
> >
> > Downloadable assets:
> > disk image: https://storage.googleapis.com/syzbot-assets/98a974fc662d/disk-8155b4ef.raw.xz
> > vmlinux: https://storage.googleapis.com/syzbot-assets/2dea9b72f624/vmlinux-8155b4ef.xz
> > kernel image: https://storage.googleapis.com/syzbot-assets/593a42b9eb34/bzImage-8155b4ef.xz
> > mounted in repro: https://storage.googleapis.com/syzbot-assets/5f780361c9ef/mount_0.gz
> >
> > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > Reported-by: syzbot+c0673e1f1f054fac28c2@syzkaller.appspotmail.com
> >
> >  xfs_vn_setattr+0x25d/0x320 fs/xfs/xfs_iops.c:1065
> >  notify_change+0xbca/0xe90 fs/attr.c:552
> >  do_truncate+0x220/0x310 fs/open.c:65
> >  do_ftruncate+0x4a1/0x540 fs/open.c:192
> >  do_sys_ftruncate fs/open.c:207 [inline]
> >  __do_sys_ftruncate fs/open.c:212 [inline]
> >  __se_sys_ftruncate fs/open.c:210 [inline]
> >  __x64_sys_ftruncate+0x94/0xf0 fs/open.c:210
> >  do_syscall_x64 arch/x86/entry/common.c:52 [inline]
> >  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
> >  entry_SYSCALL_64_after_hwframe+0x77/0x7f
> > ------------[ cut here ]------------
> > WARNING: CPU: 1 PID: 11276 at ./include/linux/rmap.h:217 __folio_rmap_sanity_checks+0x369/0x590 include/linux/rmap.h:217
> > Modules linked in:
> > CPU: 1 UID: 0 PID: 11276 Comm: syz-executor139 Not tainted 6.13.0-rc3-next-20241220-syzkaller #0
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
> > RIP: 0010:__folio_rmap_sanity_checks+0x369/0x590 include/linux/rmap.h:217
> > Code: 0f 0b 90 e9 e9 fd ff ff e8 64 cb ab ff 48 ff cb e9 34 fe ff ff e8 57 cb ab ff 4c 89 e7 48 c7 c6 e0 a7 15 8c e8 08 a4 f5 ff 90 <0f> 0b 90 e9 25 fe ff ff e8 3a cb ab ff 4c 89 e7 48 c7 c6 40 a9 15
> > RSP: 0018:ffffc9000e67efd8 EFLAGS: 00010246
> > RAX: 8577b516ce8a9400 RBX: ffffea0001a58080 RCX: ffffc9000e67eb03
> > RDX: 0000000000000005 RSI: ffffffff8c0aaba0 RDI: ffffffff8c5fed00
> > RBP: 00000000000024c0 R08: ffffffff901ab1f7 R09: 1ffffffff203563e
> > R10: dffffc0000000000 R11: fffffbfff203563f R12: ffffea0001a50000
> > R13: ffffea0001a55c00 R14: 0000000000000000 R15: 0000000000000093
> > FS:  00007f885c85f6c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
> > CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > CR2: 00007f88545b7000 CR3: 000000007fea2000 CR4: 00000000003526f0
> > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> > Call Trace:
> >
> >  __folio_add_rmap mm/rmap.c:1170 [inline]
> >  __folio_add_file_rmap mm/rmap.c:1489 [inline]
> >  folio_add_file_rmap_ptes+0x82/0x380 mm/rmap.c:1511
> >  set_pte_range+0x30c/0x750 mm/memory.c:5136
>
> If I would have to guess, I would assume that we have a refcount issue such
> that we succeed in splitting a folio while concurrently mapping it.

That would seem hard to accomplish, because both hold the folio lock,
so it wouldn't be just a refcount bug but also a locking bug. Not sure
what this is though.