From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from fout-a8-smtp.messagingengine.com (fout-a8-smtp.messagingengine.com [103.168.172.151]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 45D1C7081E; Fri, 6 Mar 2026 20:22:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=103.168.172.151 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772828530; cv=none; b=syaxeqvbDvllO6moLaIj5MpmX61VBAVIJ+SRk9zjFED51fCEht2QaiNR/bycSYdkImd9czOStGPusQ5dl4W6GyM5f+KBIgXK3wQX74Kh55Pv/AIPqHvDEUACvshK7RiP7odew3CGK36ETc7IjXUzzq/MZ2SUTgty4ZDGGW61uS0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772828530; c=relaxed/simple; bh=K0y817XrEcM6UP0c/zCyihz+HLAEaHeZKH+FSYuUoOo=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=FPrEnXIUimVTLKJLRVyvC4LFsbKojCfdRSFuSwMQA+jvZoovyO6jeYnrFaK/ir/JGTZTlDWr8NYaEoHCu2x+ExRugVX9Ep5l1UgalSPCojhj7jKnTAcQ789BrKuZ7pvpCb5xdN+R+sv4Dc39CPH/8UwG73J42Sd/ftff3wIjSAM= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=shutemov.name; spf=pass smtp.mailfrom=shutemov.name; dkim=pass (2048-bit key) header.d=shutemov.name header.i=@shutemov.name header.b=Zph/wY/I; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b=nmepC9T4; arc=none smtp.client-ip=103.168.172.151 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=shutemov.name Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=shutemov.name Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=shutemov.name header.i=@shutemov.name header.b="Zph/wY/I"; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b="nmepC9T4" Received: from phl-compute-05.internal (phl-compute-05.internal [10.202.2.45]) by mailfout.phl.internal (Postfix) with ESMTP id 8C59EEC0647; Fri, 6 Mar 2026 15:22:08 -0500 (EST) Received: from phl-frontend-04 ([10.202.2.163]) by phl-compute-05.internal (MEProxy); Fri, 06 Mar 2026 15:22:08 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov.name; h=cc:cc:content-type:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to; s=fm2; t=1772828528; x= 1772914928; bh=j7EtY5Lz6n2cvujZXVeWfFZYsYZf69ABvyin+RZQ0Q8=; b=Z ph/wY/IEol1x6H1EYgH2MfUvAJKVETBUvihjPzrfUUItMoike+nJP6Gjj79USsjY G7Nb/VnJRaIVJHiErMWaFPvnSnAzieGuMrr4Xnz3ZZpQ642Bx1b2hy+sm935SU8l VM6PDuujyIYot89qIOxlT9vWV1an7kyJ5pVkXC2NpB/4YCkHPohTo2hSpWp8AFVy X2mn8H5+v/gJAxDiZhwtyGikHJFETr+Mb5yhirLfjRHL66s97sPBQpd4+IVOkXXG pPNqFWlRGl9q6WOEL/QZcx9ApmNR8nfcS4FhHGY/BKyXf7A04U9tdXKZ6LYP5rNC rzLmgPXSaJXSzyZW9OKvA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t= 1772828528; x=1772914928; bh=j7EtY5Lz6n2cvujZXVeWfFZYsYZf69ABvyi n+RZQ0Q8=; b=nmepC9T4PQNYNzYu49wyYt1WVTI6wLnAja7EtozQ1LHUkeid0cB 2tgb+inndnKSBw7vz93cQMoPjEGlNTnTiNRxSuHZZ+7ZndbVs+YHgRcnbCjigZWO YxN4QH6EoFFLBd0ggivx8jJIiHEsWJqUjZJ1lbLN/XZOQVVSvyJpx/X4dz5OzHLH U+KW+6e8MUiKe5z/Ty8dTkldeyiG8oNSArU77r/ShgQowhaDK69PtVHPGzFtMzKG yWj5iZJ9Y2qYgkRp3kYmFYHK4ovy40DBM2xhe4cWy4MfBAV0mqZ7MqJcZbTv/o2Q 0+KDCQ7MqzusyTVEdvs26iSIodocTIatMvg== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefgedrtddtgddvjedtvdegucetufdoteggodetrf dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfurfetoffkrfgpnffqhgenuceu rghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujf gurhepfffhvfevuffkfhggtggujgesthdtredttddtvdenucfhrhhomhepmfhirhihlhcu ufhhuhhtshgvmhgruhcuoehkihhrihhllhesshhhuhhtvghmohhvrdhnrghmvgeqnecugg ftrfgrthhtvghrnhepfeetheejudeujeeikeetudelvdevkeefuddtkedvtdehtdetieeu ieetjeeugedtnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrh homhepkhhirhhilhhlsehshhhuthgvmhhovhdrnhgrmhgvpdhnsggprhgtphhtthhopedu iedpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtoheptggrrhhgvghssegtlhhouhgufh hlrghrvgdrtghomhdprhgtphhtthhopeifihhllhihsehinhhfrhgruggvrggurdhorhhg pdhrtghpthhtoheprghkphhmsehlihhnuhigqdhfohhunhgurghtihhonhdrohhrghdprh gtphhtthhopeifihhllhhirghmrdhkuhgthhgrrhhskhhisehorhgrtghlvgdrtghomhdp rhgtphhtthhopehlihhnuhigqdhfshguvghvvghlsehvghgvrhdrkhgvrhhnvghlrdhorh hgpdhrtghpthhtoheplhhinhhugidqmhhmsehkvhgrtghkrdhorhhgpdhrtghpthhtohep lhhinhhugidqkhgvrhhnvghlsehvghgvrhdrkhgvrhhnvghlrdhorhhgpdhrtghpthhtoh epkhgvrhhnvghlqdhtvggrmhestghlohhuughflhgrrhgvrdgtohhm X-ME-Proxy: Feedback-ID: ie3994620:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri, 6 Mar 2026 15:22:06 -0500 (EST) Date: Fri, 6 Mar 2026 20:21:59 +0000 From: Kiryl Shutsemau To: Chris Arges Cc: Matthew Wilcox , akpm@linux-foundation.org, william.kucharski@oracle.com, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, kernel-team@cloudflare.com Subject: Re: [PATCH RFC 1/1] mm/filemap: handle large folio split race in page cache lookups Message-ID: References: <20260305183438.1062312-1-carges@cloudflare.com> <20260305183438.1062312-2-carges@cloudflare.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: On Fri, Mar 06, 2026 at 02:11:22PM -0600, Chris Arges wrote: > On 2026-03-06 16:28:19, Matthew Wilcox wrote: > > On Fri, Mar 06, 2026 at 02:13:26PM +0000, Kiryl Shutsemau wrote: > > > On Thu, Mar 05, 2026 at 07:24:38PM +0000, Matthew Wilcox wrote: > > > > folio_split() needs to be sure that it's the only one holding a reference > > > > to the folio. To that end, it calculates the expected refcount of the > > > > folio, and freezes it (sets the refcount to 0 if the refcount is the > > > > expected value). Once filemap_get_entry() has incremented the refcount, > > > > freezing will fail. > > > > > > > > But of course, we can race. filemap_get_entry() can load a folio first, > > > > the entire folio_split can happen, then it calls folio_try_get() and > > > > succeeds, but it no longer covers the index we were looking for. That's > > > > what the xas_reload() is trying to prevent -- if the index is for a > > > > folio which has changed, then the xas_reload() should come back with a > > > > different folio and we goto repeat. > > > > > > > > So how did we get through this with a reference to the wrong folio? > > > > > > What would xas_reload() return if we raced with split and index pointed > > > to a tail page before the split? > > > > > > Wouldn't it return the folio that was a head and check will pass? > > > > It's not supposed to return the head in this case. But, check the code: > > > > if (!node) > > return xa_head(xas->xa); > > if (IS_ENABLED(CONFIG_XARRAY_MULTI)) { > > offset = (xas->xa_index >> node->shift) & XA_CHUNK_MASK; > > entry = xa_entry(xas->xa, node, offset); > > if (!xa_is_sibling(entry)) > > return entry; > > offset = xa_to_sibling(entry); > > } > > return xa_entry(xas->xa, node, offset); > > > > (obviously CONFIG_XARRAY_MULTI is enabled) > > > Yes we have this CONFIG enabled. > > Also FWIW, happy to run some additional experiments or more debugging. We _can_ > reproduce this, as a machine hits this about every day on a sample of ~128 > machines. We also do get crashdumps so we can poke around there as needed. > > I was going to deploy this patch onto a subset of machines, but reading through > this thread I'm a bit concerned if a retry doesn't actually fix the problem, > then we will just loop on this condition and hang. I would be useful to know if the condition is persistent or if retry "fixes" the problem. -- Kiryl Shutsemau / Kirill A. Shutemov