From: Christoph Hellwig <hch@infradead.org>
To: Qian Cai <cai@lca.pw>
Cc: Matthew Wilcox <willy@infradead.org>,
darrick.wong@oracle.com, hch@infradead.org,
linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org, khlebnikov@yandex-team.ru
Subject: Re: WARN_ON_ONCE(1) in iomap_dio_actor()
Date: Sun, 26 Jul 2020 16:24:12 +0100 [thread overview]
Message-ID: <20200726152412.GA26614@infradead.org> (raw)
In-Reply-To: <20200724182431.GA4871@lca.pw>
On Fri, Jul 24, 2020 at 02:24:32PM -0400, Qian Cai wrote:
> On Fri, Jun 19, 2020 at 05:17:47PM -0700, Matthew Wilcox wrote:
> > On Fri, Jun 19, 2020 at 05:17:50PM -0400, Qian Cai wrote:
> > > Running a syscall fuzzer by a normal user could trigger this,
> > >
> > > [55649.329999][T515839] WARNING: CPU: 6 PID: 515839 at fs/iomap/direct-io.c:391 iomap_dio_actor+0x29c/0x420
> > ...
> > > 371 static loff_t
> > > 372 iomap_dio_actor(struct inode *inode, loff_t pos, loff_t length,
> > > 373 void *data, struct iomap *iomap, struct iomap *srcmap)
> > > 374 {
> > > 375 struct iomap_dio *dio = data;
> > > 376
> > > 377 switch (iomap->type) {
> > > 378 case IOMAP_HOLE:
> > > 379 if (WARN_ON_ONCE(dio->flags & IOMAP_DIO_WRITE))
> > > 380 return -EIO;
> > > 381 return iomap_dio_hole_actor(length, dio);
> > > 382 case IOMAP_UNWRITTEN:
> > > 383 if (!(dio->flags & IOMAP_DIO_WRITE))
> > > 384 return iomap_dio_hole_actor(length, dio);
> > > 385 return iomap_dio_bio_actor(inode, pos, length, dio, iomap);
> > > 386 case IOMAP_MAPPED:
> > > 387 return iomap_dio_bio_actor(inode, pos, length, dio, iomap);
> > > 388 case IOMAP_INLINE:
> > > 389 return iomap_dio_inline_actor(inode, pos, length, dio, iomap);
> > > 390 default:
> > > 391 WARN_ON_ONCE(1);
> > > 392 return -EIO;
> > > 393 }
> > > 394 }
> > >
> > > Could that be iomap->type == IOMAP_DELALLOC ? Looking throught the logs,
> > > it contains a few pread64() calls until this happens,
> >
> > It _shouldn't_ be able to happen. XFS writes back ranges which exist
> > in the page cache upon seeing an O_DIRECT I/O. So it's not supposed to
> > be possible for there to be an extent which is waiting for the contents
> > of the page cache to be written back.
>
> Okay, it is IOMAP_DELALLOC. We have,
Can you share the fuzzer? If we end up with delalloc space here we
probably need to fix a bug in the cache invalidation code.
next prev parent reply other threads:[~2020-07-26 15:24 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-19 21:17 WARN_ON_ONCE(1) in iomap_dio_actor() Qian Cai
2020-06-20 0:17 ` Matthew Wilcox
2020-06-21 2:04 ` Qian Cai
2020-07-24 18:24 ` Qian Cai
2020-07-26 15:24 ` Christoph Hellwig [this message]
2020-07-26 22:51 ` Qian Cai
2020-08-11 2:03 ` Qian Cai
2020-08-13 5:44 ` Dave Chinner
2020-08-13 7:52 ` Qian Cai
2020-08-17 7:07 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200726152412.GA26614@infradead.org \
--to=hch@infradead.org \
--cc=cai@lca.pw \
--cc=darrick.wong@oracle.com \
--cc=khlebnikov@yandex-team.ru \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).