| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 30 Oct 2020 08:08:15 -0400
From: Qian Cai <cai@...hat.com>
To: Matthew Wilcox <willy@...radead.org>
Cc: Christoph Hellwig <hch@...radead.org>,
"Darrick J. Wong" <darrick.wong@...cle.com>,
linux-xfs@...r.kernel.org, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org, Jens Axboe <axboe@...nel.dk>,
linux-mm@...ck.org
Subject: Re: kernel BUG at mm/page-writeback.c:2241 [
BUG_ON(PageWriteback(page); ]
On Thu, 2020-10-22 at 18:12 +0100, Matthew Wilcox wrote:
> On Thu, Oct 22, 2020 at 11:35:26AM -0400, Qian Cai wrote:
> > On Thu, 2020-10-22 at 01:49 +0100, Matthew Wilcox wrote:
> > > On Wed, Oct 21, 2020 at 08:30:18PM -0400, Qian Cai wrote:
> > > > Today's linux-next starts to trigger this wondering if anyone has any
> > > > clue.
> > >
> > > I've seen that occasionally too. I changed that BUG_ON to VM_BUG_ON_PAGE
> > > to try to get a clue about it. Good to know it's not the THP patches
> > > since they aren't in linux-next.
> > >
> > > I don't understand how it can happen. We have the page locked, and then
> > > we
> > > do:
> > >
> > > if (PageWriteback(page)) {
> > > if (wbc->sync_mode != WB_SYNC_NONE)
> > > wait_on_page_writeback(page);
> > > else
> > > goto continue_unlock;
> > > }
> > >
> > > VM_BUG_ON_PAGE(PageWriteback(page), page);
> > >
> > > Nobody should be able to put this page under writeback while we have it
> > > locked ... right? The page can be redirtied by the code that's supposed
> > > to be writing it back, but I don't see how anyone can make PageWriteback
> > > true while we're holding the page lock.
> >
> > It happened again on today's linux-next:
> >
> > [ 7613.579890][T55770] page:00000000a4b35e02 refcount:3 mapcount:0
> > mapping:00000000457ceb87 index:0x3e pfn:0x1cef4e
> > [ 7613.590594][T55770] aops:xfs_address_space_operations ino:805d85a dentry
> > name:"doio.f1.55762"
> > [ 7613.599192][T55770] flags:
> > 0xbfffc0000000bf(locked|waiters|referenced|uptodate|dirty|lru|active)
> > [ 7613.608596][T55770] raw: 00bfffc0000000bf ffffea0005027d48
> > ffff88810eaec030 ffff888231f3a6a8
> > [ 7613.617101][T55770] raw: 000000000000003e 0000000000000000
> > 00000003ffffffff ffff888143724000
> > [ 7613.625590][T55770] page dumped because:
> > VM_BUG_ON_PAGE(PageWriteback(page))
> > [ 7613.632695][T55770] page->mem_cgroup:ffff888143724000
>
> Seems like it reproduces for you pretty quickly. I have no luck ;-(
>
> Can you add this?
It turns out I had no luck for the last a few days. I'll keep running and report
back if it triggers again.
>
> +++ b/mm/page-writeback.c
> @@ -2774,6 +2774,7 @@ int __test_set_page_writeback(struct page *page, bool
> keep_write)
> struct address_space *mapping = page_mapping(page);
> int ret, access_ret;
>
> + VM_BUG_ON_PAGE(!PageLocked(page), page);
> lock_page_memcg(page);
> if (mapping && mapping_use_writeback_tags(mapping)) {
> XA_STATE(xas, &mapping->i_pages, page_index(page));
>
> This is the only place (afaict) that sets PageWriteback, so that will
> tell us whether someone is setting Writeback without holding the lock,
> or whether we're suffering from a spurious wakeup.
>
Powered by blists - more mailing lists