From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 16D41C4706F for ; Mon, 1 Jan 2024 09:08:10 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 84A708D0029; Mon, 1 Jan 2024 04:08:10 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 7FB408D0012; Mon, 1 Jan 2024 04:08:10 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6EA038D0029; Mon, 1 Jan 2024 04:08:10 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 606F58D0012 for ; Mon, 1 Jan 2024 04:08:10 -0500 (EST) Received: from smtpin18.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 2F08A1C0CC0 for ; Mon, 1 Jan 2024 09:08:10 +0000 (UTC) X-FDA: 81630165540.18.B66E7BF Received: from casper.infradead.org (casper.infradead.org [90.155.50.34]) by imf14.hostedemail.com (Postfix) with ESMTP id CE58410000A for ; Mon, 1 Jan 2024 09:08:07 +0000 (UTC) Authentication-Results: imf14.hostedemail.com; dkim=pass header.d=infradead.org header.s=casper.20170209 header.b=dMJHNqsl; spf=none (imf14.hostedemail.com: domain of willy@infradead.org has no SPF policy when checking 90.155.50.34) smtp.mailfrom=willy@infradead.org; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1704100088; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=HXbZ0sxnDZzhlQp2F6Mpy+dhtbcwpBUtIlShgaOKyHE=; b=BAvRjmrl5TrJbf/xx6SDnb9bJX+5NLT4d+H6eyzDTZLt8532hWIulNHQLNu5VTzeti0JtT IvnFUVqzgDzJKW/6MdKqGl4D/327mq75D4svztR8MsJywofH6dlTQTV8M5sTxazkl9A02d 0piKWM3kqMFLEFol7sUcSdOAd3b2/9o= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1704100088; a=rsa-sha256; cv=none; b=J8ftkGPD/6l9FXrVv9MtcITXEeceZBV2gkxahdliA+KnjYsEzfx/QFdwRBVrceSXqCABYY 6ucPT7Lg2bqyFfcfWZHDmvb1ALio4OMQ/ljYMyIZ4IaHotYQvM0/XwOTc3tmwoSEfTVOdc 6XrKUuGTbbYbRk/5BhJ3bViOaeTxAvM= ARC-Authentication-Results: i=1; imf14.hostedemail.com; dkim=pass header.d=infradead.org header.s=casper.20170209 header.b=dMJHNqsl; spf=none (imf14.hostedemail.com: domain of willy@infradead.org has no SPF policy when checking 90.155.50.34) smtp.mailfrom=willy@infradead.org; dmarc=none DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=In-Reply-To:Content-Type:MIME-Version: References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=HXbZ0sxnDZzhlQp2F6Mpy+dhtbcwpBUtIlShgaOKyHE=; b=dMJHNqslObVykUwGUh7oBNKQbJ dTBwsbSKgXSx6mgGrtVy6fS1Jco+6rzyqoL+TPl6tLvXlsVt7wXfSoU4rxIX1oge7YiPtoIVMSXHS u2gOa4ImoDONf8qjT/QhbvlRU4Ukk5+Ew/8JYvxPKmQXwqpBOvtf+gW6FYn9QLCb6ZZhpIrameylM 88CAOLshXbNvBW3YAfHvodHqEjGcj/mB1SEHryW6SAEEmpzB9+kp7YDFuwzSJI6oV5raGMuUZ5oVi PP320X5QmfO4tdl4ARdwoFKAkTiU1x3J/aHPsOkIXs5PRfigvqowcGodoKDQUrkPDj3+E0o6pWSeE 6OyWF2mA==; Received: from willy by casper.infradead.org with local (Exim 4.94.2 #2 (Red Hat Linux)) id 1rKEH2-008Rnu-77; Mon, 01 Jan 2024 09:07:52 +0000 Date: Mon, 1 Jan 2024 09:07:52 +0000 From: Matthew Wilcox To: Hillf Danton Cc: Genes Lists , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org Subject: Re: 6.6.8 stable: crash in folio_mark_dirty Message-ID: References: <8bb29431064fc1f70a42edef75a8788dd4a0eecc.camel@sapience.com> <20231231012846.2355-1-hdanton@sina.com> <20240101015504.2446-1-hdanton@sina.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20240101015504.2446-1-hdanton@sina.com> X-Stat-Signature: nacdpmf7rd7hnbu8fiztfuofzj4dtyjc X-Rspamd-Server: rspam10 X-Rspamd-Queue-Id: CE58410000A X-Rspam-User: X-HE-Tag: 1704100087-110744 X-HE-Meta: U2FsdGVkX1/MP6KQlCa483fwROTdOan2cfJ8Btvlsy2JOIFXwc1n5IH1yW8BJPasgTWLsWEoVcOKdkgboi8VjWd4dwZ8FhGd+JsJTAQ/gPmg7yvPKoAanQbC7zqRkt9gyP8guzaotElSW0+HLmAhzPf06VN5j/DAqQRDw9TaAIgeUeWTStA7TcJ25+rMeNoJLemOqV6t1mFpVwbUjnMmsq5NEUw50Jcmfa4Z8qa5dhCpgWAFNAIwAJ+w9mqns4A/TeLpIPRSO3mYvDGX4QDrSfbYp2FEhs5irkNeRUGlF/uG2poeJ3dCEkNRvqBfQdLOzy7ccvDTUFwVEdYmDbF5WgI+9JavjVcMjhvUV6DB7qZjk0dZQE5wB21G+ekrvauIO47u5g3Wxl3+aUWr5VOM6kdzJ2nTO0luwHOct//V4MY7jHn9t2D7v1Eq2J2LoEbbxba4qob+DvqDl+o6DHHz+5yGRGM/BK7Dqgkxj+U6Qj1QbCudecVyVhxRRdrEmsA+8PIztlTokKWlG5G/ozdmo2QcABi9Hfds8Dq1DaRojor2Bk0XgnFNnMGQlgb7toyMtpOfzMxGHsxnkwy4GlsknJa4Z524dmlHWMS4qQ2YGorc4dioea0LverMcojYJcWWvfYTVT6y2fwdm1NH1HbwHgUKaIH1lzhNBdyA9RbF2C90ugfopqlBBHug3FCliINl8f/6sYdeMWT2vhmC40TT50QRx2HgMJGeLd8YYYwVm87E4KS4qxy7eCnz/qzj/CdhOPK3n7HGN0h5btrCiaDUhuvIppsrtzlZ7lAcP76tBsFoadv1/DnJLO6Qt2+/GmooTYgjP6Hkh9guI3OQtfT0dB2zMuLA46pt/YJS9juwtM9PNvo3fLQf9gDkcFtlXCsIOx40OB0k/wbfwU+XdFsSnxge3JC21wUcBn6RHDBGk+/zMdcxaWFvVgjrqeGkSONWOdYEV5kjhB8gqWGOvxC j2slyD3k hDA3L4agUx/0VvqjmjRFaPVedbb703nO4InQcmKFFv4XQGT0CJWXhiC4+ddUd7Q2IRZEnOf+R+FYZt9L/sqjTlY+KUL30kJwNOji/hSRXVQKQCSzqmm3Ll5lgepStJqBOwfYttHdXX8GqBHcUXu0BxtlxuEiYybsaPImKYq+Ht/UxCPbdqLKl8sQl7G91FXPpPDmuhDaXpl0P8ei+j8ygIv5QEmaYDhs/tirAO2t51s/63Xeh+5G+pABCO9zfQ8oIUou1sHYROsL0HE5WwaPrWEurqs8ZPwiiQOatn41V+8TQftMMNArmcLSBtl6ivS1OvfxHDhLyIMUFaSg54xB/kbzWcyz9IZ1bc7LrujnJzCnsnTw= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Mon, Jan 01, 2024 at 09:55:04AM +0800, Hillf Danton wrote: > On Sun, 31 Dec 2023 13:07:03 +0000 Matthew Wilcox > > On Sun, Dec 31, 2023 at 09:28:46AM +0800, Hillf Danton wrote: > > > On Sat, Dec 30, 2023 at 10:23:26AM -0500 Genes Lists > > > > Apologies in advance, but I cannot git bisect this since machine was > > > > running for 10 days on 6.6.8 before this happened. > > > > > > > > Dec 30 07:00:36 s6 kernel: ------------[ cut here ]------------ > > > > Dec 30 07:00:36 s6 kernel: WARNING: CPU: 0 PID: 521524 at mm/page-writeback.c:2668 __folio_mark_dirty (??:?) > > > > Dec 30 07:00:36 s6 kernel: CPU: 0 PID: 521524 Comm: rsync Not tainted 6.6.8-stable-1 #13 d238f5ab6a206cdb0cc5cd72f8688230f23d58df > > > > Dec 30 07:00:36 s6 kernel: block_dirty_folio (??:?) > > > > Dec 30 07:00:36 s6 kernel: unmap_page_range (??:?) > > > > Dec 30 07:00:36 s6 kernel: unmap_vmas (??:?) > > > > Dec 30 07:00:36 s6 kernel: exit_mmap (??:?) > > > > Dec 30 07:00:36 s6 kernel: __mmput (??:?) > > > > Dec 30 07:00:36 s6 kernel: do_exit (??:?) > > > > Dec 30 07:00:36 s6 kernel: do_group_exit (??:?) > > > > Dec 30 07:00:36 s6 kernel: __x64_sys_exit_group (??:?) > > > > Dec 30 07:00:36 s6 kernel: do_syscall_64 (??:?) > > > > > > See what comes out if race is handled. > > > Only for thoughts. > > > > I don't think this can happen. Look at the call trace; > > block_dirty_folio() is called from unmap_page_range(). That means the > > page is in the page tables. We unmap the pages in a folio from the > > page tables before we set folio->mapping to NULL. Look at > > invalidate_inode_pages2_range() for example: > > > > unmap_mapping_pages(mapping, indices[i], > > (1 + end - indices[i]), false); > > folio_lock(folio); > > folio_wait_writeback(folio); > > if (folio_mapped(folio)) > > unmap_mapping_folio(folio); > > BUG_ON(folio_mapped(folio)); > > if (!invalidate_complete_folio2(mapping, folio)) > > > What is missed here is the same check [1] in invalidate_inode_pages2_range(), > so I built no wheel. > > folio_lock(folio); > if (unlikely(folio->mapping != mapping)) { > folio_unlock(folio); > continue; > } > > [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/mm/truncate.c#n658 That's entirely different. That's checking in the truncate path whether somebody else already truncated this page. What I was showing was why a page found through a page table walk cannot have been truncated (which is actually quite interesting, because it's the page table lock that prevents the race).