Date: Thu, 25 Jan 2024 14:06:58 +0000
From: Matthew Wilcox
To: Roman Smirnov
Cc: stable@vger.kernel.org, Greg Kroah-Hartman, Andrew Morton, Alexey Khoroshilov, Sergey Shtylyov, Karina Yankevich, lvc-project@linuxtesting.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-ext4@vger.kernel.org, Theodore Ts'o, Andreas Dilger, Jan Kara
Subject: Re: [PATCH 5.10/5.15 v2 0/1 RFC] mm/truncate: fix WARNING in ext4_set_page_dirty()
In-Reply-To: <20240125130947.600632-1-r.smirnov@omp.ru>

On Thu, Jan 25, 2024 at 01:09:46PM +0000, Roman Smirnov wrote:
> Syzkaller reports warning in ext4_set_page_dirty() in 5.10 and 5.15
> stable releases. It happens because invalidate_inode_page() frees pages
> that are needed for the system. To fix this we need to add additional
> checks to the function. page_mapped() checks if a page exists in the
> page tables, but this is not enough. The page can be used in other places:
> https://elixir.bootlin.com/linux/v6.8-rc1/source/include/linux/page_ref.h#L71
>
> Kernel outputs an error line related to direct I/O:
> https://syzkaller.appspot.com/text?tag=CrashLog&x=14ab52dac80000

OK, this is making a lot more sense.

The invalidate_inode_page() path (after the page_mapped check) calls
try_to_release_page() which strips the buffers from the page.
__remove_mapping() tries to freeze the page and presumably fails.
ext4 is checking there are still buffer heads attached to the page.
I'm not sure why it's doing that; it's legitimate to strip the
bufferheads from a page and then reattach them later (if they're
attached to a dirty page, they are created dirty).

So the only question in my mind is whether ext4 is right to have
this assert in the first place. It seems wrong to me, but perhaps
someone from ext4 can explain why it's correct.

> The problem can be fixed in 5.10 and 5.15 stable releases by the
> following patch.
>
> The patch replaces page_mapped() call with check that finds additional
> references to the page excluding page cache and filesystem private data.
> If additional references exist, the page cannot be freed.
>
> This version does not include the first patch from the first version.
> The problem can be fixed without it.
>
> Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
>
> Link: https://syzkaller.appspot.com/bug?extid=02f21431b65c214aa1d6
>
> Matthew Wilcox (Oracle) (1):
>   mm/truncate: Replace page_mapped() call in invalidate_inode_page()
>
>  mm/truncate.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> --
> 2.34.1
>
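A user-space toy model of the sequence discussed in this message, added here as an illustration; it is not code from the thread or from the kernel. The struct, the function names and the reference accounting (one reference each for the page cache, the buffer heads and the caller) are assumptions made for the model.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model only; every name here is hypothetical, not a kernel symbol. */
struct toy_page {
    int  refcount;     /* cache + buffers + caller + any extra pins */
    bool in_cache;     /* still attached to the mapping */
    bool has_buffers;  /* filesystem private data (buffer heads) */
    bool mapped;       /* present in some page table */
};

/* Page as the invalidate path sees it, plus extra pins (e.g. direct I/O). */
static struct toy_page toy_page_make(int extra_pins)
{
    return (struct toy_page){ 3 + extra_pins, true, true, false };
}

/* Strip buffers, then try to freeze at the expected count (cache + caller). */
static bool toy_release_and_remove(struct toy_page *p)
{
    if (p->has_buffers) { p->has_buffers = false; p->refcount--; }
    if (p->refcount != 2)
        return false;      /* freeze fails: page stays cached, stripped */
    p->in_cache = false;
    p->refcount--;         /* page cache reference dropped */
    return true;
}

/* Page-table-only check, which the cover letter calls insufficient. */
static bool toy_invalidate_mapped_check(struct toy_page *p)
{
    return p->mapped ? false : toy_release_and_remove(p);
}

/* Refuse early when references exist beyond cache, private data and caller. */
static bool toy_invalidate_ref_check(struct toy_page *p)
{
    if (p->refcount > 2 + (p->has_buffers ? 1 : 0))
        return false;      /* buffers are left untouched */
    return toy_release_and_remove(p);
}

/* State the ext4 assert objects to: cached page dirtied without buffers. */
static bool toy_dirty_would_warn(const struct toy_page *p)
{
    return p->in_cache && !p->has_buffers;
}

int main(void)
{
    struct toy_page a = toy_page_make(1), b = toy_page_make(1);
    toy_invalidate_mapped_check(&a);
    toy_invalidate_ref_check(&b);
    printf("%d %d\n", toy_dirty_would_warn(&a), toy_dirty_would_warn(&b));
    return 0;
}
```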