On Tue, Dec 16, 2025 at 02:42:06AM +0000, Matthew Wilcox wrote:
> On Tue, Dec 16, 2025 at 09:37:51AM +0800, Jinchao Wang wrote:
> > On Mon, Dec 15, 2025 at 02:22:23PM +0000, Matthew Wilcox wrote:
> > > On Mon, Dec 15, 2025 at 10:19:00PM +0800, Jinchao Wang wrote:
> > > > page_cache_ra_order() and page_cache_ra_unbounded() read mapping minimum folio constraints before taking the invalidate lock, allowing concurrent changes to violate page cache invariants.
> > > > Move the lookups under filemap_invalidate_lock_shared() to ensure readahead allocations respect the mapping constraints.
> > > Why are the mapping folio size constraints being changed? They're supposed to be set at inode instantiation and then never changed.
> > They can change after instantiation for block devices. In the syzbot repro: blkdev_ioctl() -> blkdev_bszset() -> set_blocksize() -> mapping_set_folio_min_order()
> Oh, this is just syzbot doing stupid things. We should probably make blkdev_bszset() fail if somebody else has an fd open.
Thanks, that makes sense. Tightening blkdev_bszset() would avoid the race entirely. This change is meant as a defensive fix to prevent BUGs.
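A constructed, single-threaded model of the race the patch description above refers to, added here as an illustration and not taken from the patch or from the kernel source: the mapping, the invalidate lock and the kernel-sounding function names are mocks, and the `hook` argument stands in for a blkdev_bszset() ioctl that interleaves with readahead at the marked point.

```c
#include <stdbool.h>

/* Constructed, single-threaded model of an address_space and its invalidate
 * lock; not kernel code. A writer arriving while readers hold the lock is
 * parked and applied when the last reader unlocks, standing in for blocking
 * in filemap_invalidate_lock(). */
struct mapping {
    unsigned int readers, min_order;          /* min_order: mapping_min_folio_order() */
    bool write_pending; unsigned int pending_order;
};
struct ra_result { unsigned int order, min_order_at_alloc; };

void filemap_invalidate_lock_shared(struct mapping *m) { m->readers++; }
void filemap_invalidate_unlock_shared(struct mapping *m) {
    if (--m->readers == 0 && m->write_pending) {     /* parked writer proceeds */
        m->min_order = m->pending_order; m->write_pending = false;
    }
}
/* Writer: blkdev_bszset() -> set_blocksize() -> mapping_set_folio_min_order(). */
void mapping_set_folio_min_order(struct mapping *m, unsigned int order) {
    if (m->readers) { m->write_pending = true; m->pending_order = order; return; }
    m->min_order = order;
}
/* Constructed interleaving: a concurrent ioctl raising the minimum order to 3. */
void concurrent_bszset(struct mapping *m) { mapping_set_folio_min_order(m, 3); }

/* Before the fix: constraint read before the lock, so the folio order can be
 * computed from a stale value while the allocation itself sees the new one. */
struct ra_result ra_order_before(struct mapping *m, unsigned int want,
                                 void (*hook)(struct mapping *)) {
    unsigned int min_order = m->min_order;           /* unlocked read */
    if (hook) hook(m);                               /* writer slips in here */
    filemap_invalidate_lock_shared(m);
    struct ra_result r = { want > min_order ? want : min_order, m->min_order };
    filemap_invalidate_unlock_shared(m);
    return r;
}
/* After the fix: lookup under filemap_invalidate_lock_shared(), so a writer
 * either lands before the read or waits until the allocation is done. */
struct ra_result ra_order_after(struct mapping *m, unsigned int want,
                                void (*hook)(struct mapping *)) {
    filemap_invalidate_lock_shared(m);
    unsigned int min_order = m->min_order;           /* read under the lock */
    if (hook) hook(m);                               /* writer has to wait now */
    struct ra_result r = { want > min_order ? want : min_order, m->min_order };
    filemap_invalidate_unlock_shared(m);
    return r;
}
/* Invariant: a readahead folio is never smaller than the mapping's minimum
 * order in effect when it was allocated. */
bool invariant_holds(struct ra_result r) { return r.order >= r.min_order_at_alloc; }
```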