From: Qu Wenruo <wqu@suse.com>
To: Matthew Wilcox, syzbot
Cc: akpm@linux-foundation.org, clm@fb.com, dsterba@suse.com, josef@toxicpanda.com, linux-btrfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [btrfs?] kernel BUG in __folio_start_writeback
Date: Mon, 25 Nov 2024 11:00:40 +1030
References: <67432dee.050a0220.1cc393.0041.GAE@google.com>

On 2024/11/25 07:56, Matthew Wilcox wrote:
> On Sun, Nov 24, 2024 at 05:45:18AM -0800, syzbot wrote:
>>
>>  __fput+0x5ba/0xa50 fs/file_table.c:458
>>  task_work_run+0x24f/0x310 kernel/task_work.c:239
>>  resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
>>  exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
>>  exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
>>  __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
>>  syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218
>>  do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
>>  entry_SYSCALL_64_after_hwframe+0x77/0x7f
>
> This is:
>
>         VM_BUG_ON_FOLIO(folio_test_writeback(folio), folio);
>
> ie we've called __folio_start_writeback() on a folio which is already
> under writeback.
>
> Higher up in the trace, we have the useful information:
>
> page: refcount:6 mapcount:0 mapping:ffff888077139710 index:0x3 pfn:0x72ae5
> memcg:ffff888140adc000
> aops:btrfs_aops ino:105 dentry name(?):"file2"
> flags: 0xfff000000040ab(locked|waiters|uptodate|lru|private|writeback|node=0|zone=1|lastcpupid=0x7ff)
> raw: 00fff000000040ab ffffea0001c8f408 ffffea0000939708 ffff888077139710
> raw: 0000000000000003 0000000000000001 00000006ffffffff ffff888140adc000
> page dumped because: VM_BUG_ON_FOLIO(folio_test_writeback(folio))
> page_owner tracks the page as allocated
>
> The interesting part of the page_owner stacktrace is:
>
>  filemap_alloc_folio_noprof+0xdf/0x500
>  __filemap_get_folio+0x446/0xbd0
>  prepare_one_folio+0xb6/0xa20
>  btrfs_buffered_write+0x6bd/0x1150
>  btrfs_direct_write+0x52d/0xa30
>  btrfs_do_write_iter+0x2a0/0x760
>  do_iter_readv_writev+0x600/0x880
>  vfs_writev+0x376/0xba0
>
> (ie not very interesting)
>
>> Workqueue: btrfs-delalloc btrfs_work_helper
>> RIP: 0010:__folio_start_writeback+0xc06/0x1050 mm/page-writeback.c:3119
>> Call Trace:
>>
>>  process_one_folio fs/btrfs/extent_io.c:187 [inline]
>>  __process_folios_contig+0x31c/0x540 fs/btrfs/extent_io.c:216
>>  submit_one_async_extent fs/btrfs/inode.c:1229 [inline]
>>  submit_compressed_extents+0xdb3/0x16e0 fs/btrfs/inode.c:1632
>>  run_ordered_work fs/btrfs/async-thread.c:245 [inline]
>>  btrfs_work_helper+0x56b/0xc50 fs/btrfs/async-thread.c:324
>>  process_one_work kernel/workqueue.c:3229 [inline]
>
> This looks like a race?
>
> process_one_folio() calls
> btrfs_folio_clamp_set_writeback calls
> btrfs_subpage_set_writeback:
>
>         spin_lock_irqsave(&subpage->lock, flags);
>         bitmap_set(subpage->bitmaps, start_bit, len >> fs_info->sectorsize_bits);
>         if (!folio_test_writeback(folio))
>                 folio_start_writeback(folio);
>         spin_unlock_irqrestore(&subpage->lock, flags);
>
> so somebody else set writeback after we tested for writeback here.

The test VM is using X86_64, thus we won't go into the subpage routine,
but directly call folio_start_writeback().

>
> One thing that comes to mind is that _usually_ we take folio_lock()
> first, then start writeback, then call folio_unlock() and btrfs isn't
> doing that here (afaict).  Maybe that's not the source of the bug?

We still hold the folio locked, do submission then unlock.

You can check extent_writepage(), where at the entrance we check if the
folio is still locked.
Then inside extent_writepage_io() we do the submission, setting the
folio writeback inside submit_one_sector().
Eventually we unlock the folio at the end of extent_writepage(); that's
for the uncompressed writes.

There is a lot of special handling for async submission (compression),
but it still holds the folio locked, does compression and submission, and
unlocks, just all in another thread (this case).

So it looks like something is wrong when transferring the ownership of
the page cache folios to the compression path, or some not properly
handled error path.

Unfortunately I'm not really able to reproduce the case using the
reproducer...

Thanks,
Qu

>
> If it is, should we have a VM_BUG_ON_FOLIO(!folio_test_locked(folio), folio)
> in __folio_start_writeback()?  Or is there somewhere that can't lock the
> folio before starting writeback?
>
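
Added example, not part of the thread or of the kernel source: a small parser for the `flags:` field of the page dump quoted above, which evaluates the existing `VM_BUG_ON_FOLIO(folio_test_writeback(folio), folio)` condition and the `!folio_test_locked(folio)` check asked about in the quoted question against the dumped state. The function names `parse_flags` and `evaluate_checks` are hypothetical; the sample line is copied from the dump in this message.

```python
import re

# Flags line copied verbatim from the page dump quoted in this message.
DUMP_LINE = ("flags: 0xfff000000040ab(locked|waiters|uptodate|lru|private|"
             "writeback|node=0|zone=1|lastcpupid=0x7ff)")

FLAGS_RE = re.compile(r"flags:\s*(0x[0-9a-fA-F]+)\(([^)]*)\)")


def parse_flags(line):
    """Split a dump 'flags:' field into (raw value, flag names, key=value fields)."""
    m = FLAGS_RE.search(line)
    if m is None:
        raise ValueError("no 'flags: 0x...(...)' field found")
    names, fields = set(), {}
    for tok in filter(None, m.group(2).split("|")):
        if "=" in tok:                      # node=0, zone=1, lastcpupid=...
            key, val = tok.split("=", 1)
            fields[key] = val
        else:                               # plain flag name, e.g. "locked"
            names.add(tok)
    return int(m.group(1), 16), names, fields


def evaluate_checks(names):
    """Evaluate two assertions against the dumped flag names.

    existing: VM_BUG_ON_FOLIO(folio_test_writeback(folio), folio)
    proposed: VM_BUG_ON_FOLIO(!folio_test_locked(folio), folio)
    The dump records only that the lock bit is set, not which task holds it.
    """
    return {
        "existing_fires": "writeback" in names,
        "proposed_fires": "locked" not in names,
    }


if __name__ == "__main__":
    raw, names, fields = parse_flags(DUMP_LINE)
    print(hex(raw), sorted(names), fields)
    for check, fires in evaluate_checks(names).items():
        print(f"{check}: {fires}")
```

On this dump the existing check fires and the locked check does not, because `locked` is among the dumped flags alongside `writeback`.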