Date: Fri, 10 Jan 2025 16:27:03 +0000
From: Matthew Wilcox
To: David Hildenbrand
Cc: syzbot, akpm@linux-foundation.org, hdanton@sina.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com, "Liam R. Howlett", Lorenzo Stoakes
Subject: Re: [syzbot] [mm?] WARNING in __folio_rmap_sanity_checks (2)
References: <676fee37.050a0220.2f3838.0497.GAE@google.com>

On Fri, Jan 10, 2025 at 05:19:54PM +0100, David Hildenbrand wrote:
> On 10.01.25 17:14, Matthew Wilcox wrote:
> > On Fri, Jan 10, 2025 at 04:48:03PM +0100, David Hildenbrand wrote:
> > > If I would have to guess, I would assume that we have a refcount issue such
> > > that we succeed in splitting a folio while concurrently mapping it.
> >
> > That would seem hard to accomplish, because both hold the folio lock,
> > so it wouldn't be just a refcount bug but also a locking bug. Not sure
> > what this is though.
>
> Yeah, but we also have
>
> https://lkml.kernel.org/r/6774bf44.050a0220.25abdd.098a.GAE@google.com

That one is a UAF on the vma, so it's either a different issue, or the
problem is with the VMA refcount/lookup/..., not the folio refcount.

cc'ing the relevant maintainers.