* [syzbot] WARNING in ext4_dirty_folio
@ 2022-03-26 15:24 syzbot
  2022-06-08 11:36 ` syzbot
  0 siblings, 1 reply; 5+ messages in thread
From: syzbot @ 2022-03-26 15:24 UTC (permalink / raw)
  To: adilger.kernel, linux-ext4, linux-kernel, syzkaller-bugs, tytso

Hello,

syzbot found the following issue on:

HEAD commit:    34af78c4e616 Merge tag 'iommu-updates-v5.18' of git://git...
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=176c1bb3700000
kernel config:  https://syzkaller.appspot.com/x/.config?x=6190c85675271e4a
dashboard link: https://syzkaller.appspot.com/bug?extid=ecab51a4a5b9f26eeaa1
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+ecab51a4a5b9f26eeaa1@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 1 PID: 7386 at fs/ext4/inode.c:3600 ext4_dirty_folio+0xf4/0x120 fs/ext4/inode.c:3600
Modules linked in:
CPU: 1 PID: 7386 Comm: syz-executor.1 Tainted: G        W         5.17.0-syzkaller-09727-g34af78c4e616 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:ext4_dirty_folio+0xf4/0x120 fs/ext4/inode.c:3600
Call Trace:
 <TASK>
 folio_mark_dirty+0xc1/0x140 mm/page-writeback.c:2632
 unpin_user_pages_dirty_lock mm/gup.c:299 [inline]
 unpin_user_pages_dirty_lock+0x404/0x4c0 mm/gup.c:263
 process_vm_rw_single_vec mm/process_vm_access.c:126 [inline]
 process_vm_rw_core.constprop.0+0x7bb/0x990 mm/process_vm_access.c:215
 process_vm_rw+0x29c/0x300 mm/process_vm_access.c:283
 __do_sys_process_vm_writev mm/process_vm_access.c:303 [inline]
 __se_sys_process_vm_writev mm/process_vm_access.c:298 [inline]
 __x64_sys_process_vm_writev+0xdf/0x1b0 mm/process_vm_access.c:298
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
 </TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.


* Re: [syzbot] WARNING in ext4_dirty_folio
  2022-03-26 15:24 [syzbot] WARNING in ext4_dirty_folio syzbot
@ 2022-06-08 11:36 ` syzbot
  2023-04-29 21:47   ` Theodore Ts'o
  0 siblings, 1 reply; 5+ messages in thread
From: syzbot @ 2022-06-08 11:36 UTC (permalink / raw)
  To: adilger.kernel, linux-ext4, linux-kernel, netdev, syzkaller-bugs, tytso

syzbot has found a reproducer for the following issue on:

HEAD commit:    cf67838c4422 selftests net: fix bpf build error
git tree:       net
console+strace: https://syzkaller.appspot.com/x/log.txt?x=123c2173f00000
kernel config:  https://syzkaller.appspot.com/x/.config?x=fc5a30a131480a80
dashboard link: https://syzkaller.appspot.com/bug?extid=ecab51a4a5b9f26eeaa1
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1342d5abf00000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=11ecafebf00000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+ecab51a4a5b9f26eeaa1@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 0 PID: 4160 at fs/ext4/inode.c:3611 ext4_dirty_folio+0xf4/0x120 fs/ext4/inode.c:3611
Modules linked in:
CPU: 1 PID: 4160 Comm: syz-executor368 Not tainted 5.18.0-syzkaller-12117-gcf67838c4422 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:ext4_dirty_folio+0xf4/0x120 fs/ext4/inode.c:3611
Call Trace:
 <TASK>
 folio_mark_dirty+0xc1/0x140 mm/page-writeback.c:2723
 unpin_user_pages_dirty_lock mm/gup.c:334 [inline]
 unpin_user_pages_dirty_lock+0x411/0x4c0 mm/gup.c:297
 xdp_umem_unpin_pages net/xdp/xdp_umem.c:28 [inline]
 xdp_umem_pin_pages net/xdp/xdp_umem.c:123 [inline]
 xdp_umem_reg net/xdp/xdp_umem.c:219 [inline]
 xdp_umem_create+0xced/0x1180 net/xdp/xdp_umem.c:252
 xsk_setsockopt+0x73e/0x9e0 net/xdp/xsk.c:1094
 __sys_setsockopt+0x2db/0x6a0 net/socket.c:2259
 __do_sys_setsockopt net/socket.c:2270 [inline]
 __se_sys_setsockopt net/socket.c:2267 [inline]
 __x64_sys_setsockopt+0xba/0x150 net/socket.c:2267
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x46/0xb0
 </TASK>



* Re: [syzbot] WARNING in ext4_dirty_folio
  2022-06-08 11:36 ` syzbot
@ 2023-04-29 21:47   ` Theodore Ts'o
  2023-04-29 21:47     ` syzbot
  0 siblings, 1 reply; 5+ messages in thread
From: Theodore Ts'o @ 2023-04-29 21:47 UTC (permalink / raw)
  To: syzbot; +Cc: adilger.kernel, linux-ext4

#syz set subsystems: mm

On Wed, Jun 08, 2022 at 04:36:20AM -0700, syzbot wrote:
> syzbot has found a reproducer for the following issue on:
> 
> HEAD commit:    cf67838c4422 selftests net: fix bpf build error
> git tree:       net
> console+strace: https://syzkaller.appspot.com/x/log.txt?x=123c2173f00000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=fc5a30a131480a80
> dashboard link: https://syzkaller.appspot.com/bug?extid=ecab51a4a5b9f26eeaa1
> compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1342d5abf00000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=11ecafebf00000

The root cause of this failure is a fundamental bug / design flaw in
get_user_pages and related functions, which file system developers
have been complaining about for literally **years**.  See the recent
discussion at [1] and going back earlier to 2018[2][3] and 2019[4].

[1] https://lore.kernel.org/all/6b73e692c2929dc4613af711bdf92e2ec1956a66.1682638385.git.lstoakes@gmail.com/
[2] https://lwn.net/Articles/753027/
[3] https://lwn.net/Articles/774411/
[4] https://lwn.net/Articles/784574/

I'm going to reassign this to the mm subsystem, since there's not much
we can do on the file system end.  The WARNING is considered a good
thing because users can see silent data corruption/loss if they use
process_vm_writev() or RDMA to write to memory backed by a file.  And
while most users at large hyperscale scientific compute farms probably
won't be paying attention to the system logs, at least we've done
something to warn them.

Fortunately data corruption is rare (but when it happens it could
really screw with your results!), but if they are doing some large
scale simulation to evaluate the safety of nuclear weapons (for
example), it would be nice if they got at least some hint.

There is a potential solution discussed at [1], but there is push back
since it could break users by disallowing the thing that might cause
data corruption.  While breaking user applications is bad, turning a
possible silent data corruption to a very visible, hard failure is
arguably a good thing....

						- Ted
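
For operators who do want to catch this warning in the system log, the following added example (not part of the thread, and not code from syzbot or the ext4 developers) scans kernel log text for ext4_dirty_folio warnings reached through unpin_user_pages_dirty_lock and names the syscall that pinned the pages. The function name find_gup_dirty_warnings is this example's own, and the sample log is trimmed from the two reports earlier in the thread.

```python
import re

# Trimmed from the two syzbot reports in this thread (registers, inline frames dropped).
SAMPLE_LOG = """\
------------[ cut here ]------------
WARNING: CPU: 1 PID: 7386 at fs/ext4/inode.c:3600 ext4_dirty_folio+0xf4/0x120 fs/ext4/inode.c:3600
Call Trace:
 <TASK>
 folio_mark_dirty+0xc1/0x140 mm/page-writeback.c:2632
 unpin_user_pages_dirty_lock+0x404/0x4c0 mm/gup.c:263
 __x64_sys_process_vm_writev+0xdf/0x1b0 mm/process_vm_access.c:298
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 </TASK>
------------[ cut here ]------------
WARNING: CPU: 0 PID: 4160 at fs/ext4/inode.c:3611 ext4_dirty_folio+0xf4/0x120 fs/ext4/inode.c:3611
Call Trace:
 <TASK>
 folio_mark_dirty+0xc1/0x140 mm/page-writeback.c:2723
 unpin_user_pages_dirty_lock+0x411/0x4c0 mm/gup.c:297
 xdp_umem_create+0xced/0x1180 net/xdp/xdp_umem.c:252
 __x64_sys_setsockopt+0xba/0x150 net/socket.c:2267
 </TASK>
"""

WARN_RE = re.compile(r"WARNING: CPU: \d+ PID: (\d+) at (\S+) (\w+)\+0x")
FRAME_RE = re.compile(r"([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
SYSCALL_RE = re.compile(r"__(?:x64|ia32|arm64)_sys_(\w+)")

def find_gup_dirty_warnings(log_text, dirty_fn="ext4_dirty_folio"):
    """Return one dict per WARNING in dirty_fn that was reached via a GUP unpin."""
    hits = []
    # Each oops starts at a "cut here" marker; split so traces do not mix.
    for block in log_text.split("[ cut here ]")[1:]:
        warn = WARN_RE.search(block)
        if not warn or warn.group(3) != dirty_fn:
            continue
        trace = block.partition("Call Trace:")[2].split("</TASK>")[0]
        frames = FRAME_RE.findall(trace)
        if not any(f.startswith("unpin_user_pages") for f in frames):
            continue  # folio dirtied through some other path, not the GUP case
        entry = next((m.group(1) for m in map(SYSCALL_RE.match, frames) if m), None)
        hits.append({"pid": int(warn.group(1)), "site": warn.group(2), "syscall": entry})
    return hits

if __name__ == "__main__":
    for hit in find_gup_dirty_warnings(SAMPLE_LOG):
        print(hit)
```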


* Re: [syzbot] WARNING in ext4_dirty_folio
  2023-04-29 21:47   ` Theodore Ts'o
@ 2023-04-29 21:47     ` syzbot
  0 siblings, 0 replies; 5+ messages in thread
From: syzbot @ 2023-04-29 21:47 UTC (permalink / raw)
  To: tytso; +Cc: adilger.kernel, linux-ext4, tytso, syzkaller-bugs

> #syz set subsystems: mm

Your commands are accepted, but please keep syzkaller-bugs@googlegroups.com mailing list in CC next time. It serves as a history of what happened with each bug report. Thank you.

>
> On Wed, Jun 08, 2022 at 04:36:20AM -0700, syzbot wrote:
>> syzbot has found a reproducer for the following issue on:
>> 
>> HEAD commit:    cf67838c4422 selftests net: fix bpf build error
>> git tree:       net
>> console+strace: https://syzkaller.appspot.com/x/log.txt?x=123c2173f00000
>> kernel config:  https://syzkaller.appspot.com/x/.config?x=fc5a30a131480a80
>> dashboard link: https://syzkaller.appspot.com/bug?extid=ecab51a4a5b9f26eeaa1
>> compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
>> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1342d5abf00000
>> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=11ecafebf00000
>
> The root cause of this failure is a fundamental bug / design flaw in
> get_user_pages and related functions, which file system developers
> have been complaining about for literally **years**.  See the recent
> discussion at [1] and going back earlier to 2018[2][3] and 2019[4].
>
> [1] https://lore.kernel.org/all/6b73e692c2929dc4613af711bdf92e2ec1956a66.1682638385.git.lstoakes@gmail.com/
> [2] https://lwn.net/Articles/753027/
> [3] https://lwn.net/Articles/774411/
> [4] https://lwn.net/Articles/784574/
>
> I'm going to reassign this to the mm subsystem, since there's not much
> we can do on the file system end.  The WARNING is considered a good
> thing because users can see silent data corruption/loss if they use
> process_vm_writev() or RDMA to write to memory backed by a file.  And
> while most users at large hyperscale scientific compute farms probably
> won't be paying attention to the system logs, at least we've done
> something to warn them.
>
> Fortunately data corruption is rare (but when it happens it could
> really screw with your results!), but if they are doing some large
> scale simulation to evaluate the safety of nuclear weapons (for
> example), it would be nice if they got at least some hint.
>
> There is a potential solution discussed at [1], but there is push back
> since it could break users by disallowing the thing that might cause
> data corruption.  While breaking user applications is bad, turning a
> possible silent data corruption to a very visible, hard failure is
> arguably a good thing....
>
> 						- Ted


* Re: [syzbot] WARNING in ext4_dirty_folio
       [not found] <20220611043411.1727-1-hdanton@sina.com>
@ 2022-06-11  4:53 ` syzbot
  0 siblings, 0 replies; 5+ messages in thread
From: syzbot @ 2022-06-11  4:53 UTC (permalink / raw)
  To: hdanton, linux-kernel, syzkaller-bugs

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+ecab51a4a5b9f26eeaa1@syzkaller.appspotmail.com

Tested on:

commit:         cf67838c selftests net: fix bpf build error
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git
console output: https://syzkaller.appspot.com/x/log.txt?x=16db1cd7f00000
kernel config:  https://syzkaller.appspot.com/x/.config?x=fc5a30a131480a80
dashboard link: https://syzkaller.appspot.com/bug?extid=ecab51a4a5b9f26eeaa1
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch:          https://syzkaller.appspot.com/x/patch.diff?x=113aa46bf00000

Note: testing is done by a robot and is best-effort only.
