bisecting cause commit starting from ea922272cbe547bdf58da2aaf240d59782c6a009
building syzkaller on 49ca1f59e37fcf63dc38a6bd2b60fcc47a0a708e
testing commit ea922272cbe547bdf58da2aaf240d59782c6a009
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b898c852a1a1b1201f0a3b7e1759a33d365e2a575001f4ac0c86f7cba2a644bc
all runs: crashed: possible deadlock in split_huge_page_to_list
testing release v5.15
testing commit 8bb7eca972ad531c9b149c0a51ab43a417385813
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 23b867ff5df3d6cb6b498368a18ae79abf8004bbd96dea98ad38033811273ce5
all runs: OK
# git bisect start ea922272cbe547bdf58da2aaf240d59782c6a009 8bb7eca972ad531c9b149c0a51ab43a417385813
Bisecting: 10439 revisions left to test after this (roughly 13 steps)
warning: unable to access '/syzkaller/.config/git/ignore': Permission denied
warning: unable to access '/syzkaller/.config/git/attributes': Permission denied
[241d7a9a41355e795762046d8551c6093cc74203] Merge branch 'for-5.16/upstream-fixes' into for-next
testing commit 241d7a9a41355e795762046d8551c6093cc74203
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 495c2a62073890d33023f6b6dd6be879f91f7f84c3087987e388327e157d0735
all runs: OK
# git bisect good 241d7a9a41355e795762046d8551c6093cc74203
Bisecting: 5215 revisions left to test after this (roughly 12 steps)
warning: unable to access '/syzkaller/.config/git/ignore': Permission denied
warning: unable to access '/syzkaller/.config/git/attributes': Permission denied
[142d269fced540178597d5021b7b5217fed185cb] Merge branch 'dev' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git
testing commit 142d269fced540178597d5021b7b5217fed185cb
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 6782b4fb6f78a02f0cc9dedce8a36829a4e56a561e9cbd26b09781826e5d2ec6
all runs: OK
# git bisect good 142d269fced540178597d5021b7b5217fed185cb
Bisecting: 2515 revisions left to test after this (roughly 11 steps)
warning: unable to access '/syzkaller/.config/git/ignore': Permission denied
warning: unable to access '/syzkaller/.config/git/attributes': Permission denied
[c0cfbb5410b8b2f8943b2c09a8cf4821f7087fef] Merge branch 'drm-next' of git://git.freedesktop.org/git/drm/drm.git
testing commit c0cfbb5410b8b2f8943b2c09a8cf4821f7087fef
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c4f6606f0b48b147a4e99c06c3be46aead31371e1ff9ec57db68174582b9428e
all runs: OK
# git bisect good c0cfbb5410b8b2f8943b2c09a8cf4821f7087fef
Bisecting: 1258 revisions left to test after this (roughly 10 steps)
warning: unable to access '/syzkaller/.config/git/ignore': Permission denied
warning: unable to access '/syzkaller/.config/git/attributes': Permission denied
[6f6e7624c9204c1530443af45ca4c00cd65bb984] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq.git
testing commit 6f6e7624c9204c1530443af45ca4c00cd65bb984
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c6cf6a7be48f9ed8a727c2032d1e2cfda63f75f6094dd6cc1c5324f8bf920b8d
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 6f6e7624c9204c1530443af45ca4c00cd65bb984
Bisecting: 624 revisions left to test after this (roughly 9 steps)
warning: unable to access '/syzkaller/.config/git/ignore': Permission denied
warning: unable to access '/syzkaller/.config/git/attributes': Permission denied
[4ffc672efe1d41b866ef65a4cdaf00740b73936d] Merge branch 'gpio/gpio-sim' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux.git
testing commit 4ffc672efe1d41b866ef65a4cdaf00740b73936d
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b25c17fcadc3106f6db5e952cb32664d8e7b943817f9552610b0d972c4b401e0
all runs: OK
# git bisect good 4ffc672efe1d41b866ef65a4cdaf00740b73936d
Bisecting: 309 revisions left to test after this (roughly 8 steps)
warning: unable to access '/syzkaller/.config/git/ignore': Permission denied
warning: unable to access '/syzkaller/.config/git/attributes': Permission denied
[ac0b9899afbd43a41a39e4aa5a3cb32ac5329a5a] Merge branch 'bitmap-master-5.15' of https://guthub.com/norov/linux.git
testing commit ac0b9899afbd43a41a39e4aa5a3cb32ac5329a5a
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3feca74ddff56966d7a8f1e6520d0349b34461fee2fef986d8267fc84b5b2e1b
all runs: crashed: possible deadlock in split_huge_page_to_list
# git bisect bad ac0b9899afbd43a41a39e4aa5a3cb32ac5329a5a
Bisecting: 156 revisions left to test after this (roughly 7 steps)
warning: unable to access '/syzkaller/.config/git/ignore': Permission denied
warning: unable to access '/syzkaller/.config/git/attributes': Permission denied
[5e9e45a81f2cd1064750456e311d468a28f2b826] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/livepatching/livepatching
testing commit 5e9e45a81f2cd1064750456e311d468a28f2b826
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 72b5a736cd269036af3c9b57cea93562e6125b7c48daca59fb55182967a36677
all runs: OK
# git bisect good 5e9e45a81f2cd1064750456e311d468a28f2b826
Bisecting: 79 revisions left to test after this (roughly 6 steps)
warning: unable to access '/syzkaller/.config/git/ignore': Permission denied
warning: unable to access '/syzkaller/.config/git/attributes': Permission denied
[ad3e22445a2ddec524a26c9c65bf2b44e7491763] Merge branch 'rust-next' of https://github.com/Rust-for-Linux/linux.git
testing commit ad3e22445a2ddec524a26c9c65bf2b44e7491763
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 06a68e306c378354f1b562d4b3ed2af10dae11387c00b4228d0e311b37969965
all runs: OK
# git bisect good ad3e22445a2ddec524a26c9c65bf2b44e7491763
Bisecting: 39 revisions left to test after this (roughly 5 steps)
warning: unable to access '/syzkaller/.config/git/ignore': Permission denied
warning: unable to access '/syzkaller/.config/git/attributes': Permission denied
[1710c4012463c0f5e246d174eefd9c30aa6f3ecd] filemap: Convert filemap_get_read_batch() to use a folio_batch
testing commit 1710c4012463c0f5e246d174eefd9c30aa6f3ecd
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 81e004100e5790f29ecfd6cabf41a45459eb8fb5e913b8bb5549e4dfb77671de
all runs: OK
# git bisect good 1710c4012463c0f5e246d174eefd9c30aa6f3ecd
Bisecting: 16 revisions left to test after this (roughly 4 steps)
warning: unable to access '/syzkaller/.config/git/ignore': Permission denied
warning: unable to access '/syzkaller/.config/git/attributes': Permission denied
[21e4fce9eea85dfd23ab0214ea53c2a33d2bbc31] Merge branch 'for-next' of git://git.infradead.org/users/willy/pagecache.git
testing commit 21e4fce9eea85dfd23ab0214ea53c2a33d2bbc31
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 1ada57e8557fae2414b943eed67025f75c4e2981a570fcf49fe784c0eef16b22
all runs: crashed: possible deadlock in split_huge_page_to_list
# git bisect bad 21e4fce9eea85dfd23ab0214ea53c2a33d2bbc31
Bisecting: 11 revisions left to test after this (roughly 4 steps)
warning: unable to access '/syzkaller/.config/git/ignore': Permission denied
warning: unable to access '/syzkaller/.config/git/attributes': Permission denied
[814dff9ae234d70003b8733a637fec621c90f0bc] cxl/test: Mock acpi_table_parse_cedt()
testing commit 814dff9ae234d70003b8733a637fec621c90f0bc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 06dc37583eebf0e680b8837e2add86d8800e58164c110b89fd56b6d198fe25df
all runs: OK
# git bisect good 814dff9ae234d70003b8733a637fec621c90f0bc
Bisecting: 5 revisions left to test after this (roughly 3 steps)
warning: unable to access '/syzkaller/.config/git/ignore': Permission denied
warning: unable to access '/syzkaller/.config/git/attributes': Permission denied
[8842c9c235249caf51f1e2a5bcf977c66cf0d4d7] truncate,shmem: Handle truncates that split large folios
testing commit 8842c9c235249caf51f1e2a5bcf977c66cf0d4d7
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b8037e56e4a3100be2881087646c8ad83c5801984946fdaa71ff42a468a4ad1b
all runs: OK
# git bisect good 8842c9c235249caf51f1e2a5bcf977c66cf0d4d7
Bisecting: 2 revisions left to test after this (roughly 2 steps)
warning: unable to access '/syzkaller/.config/git/ignore': Permission denied
warning: unable to access '/syzkaller/.config/git/attributes': Permission denied
[d3c577a6e689e678e2240d5105e11bdd20483fc8] Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl.git
testing commit d3c577a6e689e678e2240d5105e11bdd20483fc8
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d3910507b894f152d85e58bac5787e695302f6e11cf01be2af08f80dbf4404bb
all runs: OK
# git bisect good d3c577a6e689e678e2240d5105e11bdd20483fc8
Bisecting: 0 revisions left to test after this (roughly 1 step)
warning: unable to access '/syzkaller/.config/git/ignore': Permission denied
warning: unable to access '/syzkaller/.config/git/attributes': Permission denied
[3ebffc96befbaf9de9297b00d67091bb702fad8e] mm: Use multi-index entries in the page cache
testing commit 3ebffc96befbaf9de9297b00d67091bb702fad8e
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b703df5497e6ae3edd5a5c5d0ec036f5833b3df1400d86a05efbf3ad183d241b
all runs: crashed: possible deadlock in split_huge_page_to_list
# git bisect bad 3ebffc96befbaf9de9297b00d67091bb702fad8e
Bisecting: 0 revisions left to test after this (roughly 0 steps)
warning: unable to access '/syzkaller/.config/git/ignore': Permission denied
warning: unable to access '/syzkaller/.config/git/attributes': Permission denied
[c6ffa20761419cb5634f86447237427bcb355a86] XArray: Add xas_advance()
testing commit c6ffa20761419cb5634f86447237427bcb355a86
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 550c07d4262b488782beb1eb95c2bb962e7be0d73b16342b6ba403cfef723543
all runs: OK
# git bisect good c6ffa20761419cb5634f86447237427bcb355a86
warning: unable to access '/syzkaller/.config/git/attributes': Permission denied
3ebffc96befbaf9de9297b00d67091bb702fad8e is the first bad commit
commit 3ebffc96befbaf9de9297b00d67091bb702fad8e
Author: Matthew Wilcox (Oracle)
Date: Sat Jun 27 22:19:08 2020 -0400

    mm: Use multi-index entries in the page cache

    We currently store large folios as 2^N consecutive entries. While this
    consumes rather more memory than necessary, it also turns out to be buggy.
    A writeback operation which starts within a tail page of a dirty folio will
    not write back the folio as the xarray's dirty bit is only set on the
    head index. With multi-index entries, the dirty bit will be found no
    matter where in the folio the operation starts.

    This does end up simplifying the page cache slightly, although not as
    much as I had hoped.

    Signed-off-by: Matthew Wilcox (Oracle)

 include/linux/pagemap.h | 10 --------
 mm/filemap.c            | 61 +++++++++++++++++++++++++++++++------------------
 mm/huge_memory.c        | 20 ++++++++++++----
 mm/khugepaged.c         | 12 +++++++++-
 mm/migrate.c            |  8 -------
 mm/shmem.c              | 16 +++++--------
 6 files changed, 72 insertions(+), 55 deletions(-)

culprit signature: b703df5497e6ae3edd5a5c5d0ec036f5833b3df1400d86a05efbf3ad183d241b
parent signature: 550c07d4262b488782beb1eb95c2bb962e7be0d73b16342b6ba403cfef723543
revisions tested: 17, total time: 3h4m16.108607764s (build: 2h15m14.47444726s, test: 47m10.645522404s)
first bad commit: 3ebffc96befbaf9de9297b00d67091bb702fad8e mm: Use multi-index entries in the page cache
recipients (to): ["akpm@linux-foundation.org" "linux-mm@kvack.org" "willy@infradead.org"]
recipients (cc): ["dhowells@redhat.com" "hughd@google.com" "linux-kernel@vger.kernel.org" "willy@infradead.org"]
crash: possible deadlock in split_huge_page_to_list

======================================================
WARNING: possible circular locking dependency detected
5.16.0-rc4-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor372/4062 is trying to acquire lock:
ffffffff8ac98640 (fs_reclaim){+.+.}-{0:0}, at: might_alloc include/linux/sched/mm.h:227 [inline]
ffffffff8ac98640 (fs_reclaim){+.+.}-{0:0}, at: slab_pre_alloc_hook mm/slab.h:492 [inline]
ffffffff8ac98640 (fs_reclaim){+.+.}-{0:0}, at: slab_alloc_node mm/slub.c:3148 [inline]
ffffffff8ac98640 (fs_reclaim){+.+.}-{0:0}, at: slab_alloc mm/slub.c:3242 [inline]
ffffffff8ac98640 (fs_reclaim){+.+.}-{0:0}, at: kmem_cache_alloc+0x3e/0x3a0 mm/slub.c:3247

but task is already holding lock:
ffff88807c7b6850 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:513 [inline]
ffff88807c7b6850 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: split_huge_page_to_list+0x34a/0x2990 mm/huge_memory.c:2657

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (&mapping->i_mmap_rwsem){++++}-{3:3}:
       down_write+0x90/0x150 kernel/locking/rwsem.c:1523
       i_mmap_lock_write include/linux/fs.h:498 [inline]
       dma_resv_lockdep+0x2cd/0x44d drivers/dma-buf/dma-resv.c:691
       do_one_initcall+0xbe/0x440 init/main.c:1297
       do_initcall_level init/main.c:1370 [inline]
       do_initcalls init/main.c:1386 [inline]
       do_basic_setup init/main.c:1405 [inline]
       kernel_init_freeable+0x5ab/0x605 init/main.c:1610
       kernel_init+0x14/0x130 init/main.c:1499
       ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

-> #0 (fs_reclaim){+.+.}-{0:0}:
       check_prev_add kernel/locking/lockdep.c:3063 [inline]
       check_prevs_add kernel/locking/lockdep.c:3186 [inline]
       validate_chain kernel/locking/lockdep.c:3801 [inline]
       __lock_acquire+0x2985/0x5410 kernel/locking/lockdep.c:5027
       lock_acquire kernel/locking/lockdep.c:5637 [inline]
       lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
       __fs_reclaim_acquire mm/page_alloc.c:4535 [inline]
       fs_reclaim_acquire+0x115/0x160 mm/page_alloc.c:4549
       might_alloc include/linux/sched/mm.h:227 [inline]
       slab_pre_alloc_hook mm/slab.h:492 [inline]
       slab_alloc_node mm/slub.c:3148 [inline]
       slab_alloc mm/slub.c:3242 [inline]
       kmem_cache_alloc+0x3e/0x3a0 mm/slub.c:3247
       xas_split_alloc+0x108/0x480 lib/xarray.c:1017
       split_huge_page_to_list+0x5a6/0x2990 mm/huge_memory.c:2683
       split_huge_page include/linux/huge_mm.h:192 [inline]
       truncate_inode_partial_folio+0x49c/0x710 mm/truncate.c:275
       shmem_undo_range+0x551/0xf70 mm/shmem.c:954
       shmem_truncate_range mm/shmem.c:1032 [inline]
       shmem_fallocate+0x8cd/0xcd0 mm/shmem.c:2652
       vfs_fallocate+0x2a5/0xb90 fs/open.c:307
       ksys_fallocate fs/open.c:330 [inline]
       __do_sys_fallocate fs/open.c:338 [inline]
       __se_sys_fallocate fs/open.c:336 [inline]
       __x64_sys_fallocate+0xb0/0x100 fs/open.c:336
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x44/0xae

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&mapping->i_mmap_rwsem);
                               lock(fs_reclaim);
                               lock(&mapping->i_mmap_rwsem);
  lock(fs_reclaim);

 *** DEADLOCK ***

3 locks held by syz-executor372/4062:
 #0: ffff88807de5a460 (sb_writers#3){.+.+}-{0:0}, at: ksys_fallocate fs/open.c:330 [inline]
 #0: ffff88807de5a460 (sb_writers#3){.+.+}-{0:0}, at: __do_sys_fallocate fs/open.c:338 [inline]
 #0: ffff88807de5a460 (sb_writers#3){.+.+}-{0:0}, at: __se_sys_fallocate fs/open.c:336 [inline]
 #0: ffff88807de5a460 (sb_writers#3){.+.+}-{0:0}, at: __x64_sys_fallocate+0xb0/0x100 fs/open.c:336
 #1: ffff88807c7b65f8 (&sb->s_type->i_mutex_key#8){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:783 [inline]
 #1: ffff88807c7b65f8 (&sb->s_type->i_mutex_key#8){+.+.}-{3:3}, at: shmem_fallocate+0x135/0xcd0 mm/shmem.c:2628
 #2: ffff88807c7b6850 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:513 [inline]
 #2: ffff88807c7b6850 (&mapping->i_mmap_rwsem){++++}-{3:3}, at: split_huge_page_to_list+0x34a/0x2990 mm/huge_memory.c:2657

stack backtrace:
CPU: 1 PID: 4062 Comm: syz-executor372 Not tainted 5.16.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106
 check_noncircular+0x25f/0x2e0 kernel/locking/lockdep.c:2143
 check_prev_add kernel/locking/lockdep.c:3063 [inline]
 check_prevs_add kernel/locking/lockdep.c:3186 [inline]
 validate_chain kernel/locking/lockdep.c:3801 [inline]
 __lock_acquire+0x2985/0x5410 kernel/locking/lockdep.c:5027
 lock_acquire kernel/locking/lockdep.c:5637 [inline]
 lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
 __fs_reclaim_acquire mm/page_alloc.c:4535 [inline]
 fs_reclaim_acquire+0x115/0x160 mm/page_alloc.c:4549
 might_alloc include/linux/sched/mm.h:227 [inline]
 slab_pre_alloc_hook mm/slab.h:492 [inline]
 slab_alloc_node mm/slub.c:3148 [inline]
 slab_alloc mm/slub.c:3242 [inline]
 kmem_cache_alloc+0x3e/0x3a0 mm/slub.c:3247
 xas_split_alloc+0x108/0x480 lib/xarray.c:1017
 split_huge_page_to_list+0x5a6/0x2990 mm/huge_memory.c:2683
 split_huge_page include/linux/huge_mm.h:192 [inline]
 truncate_inode_partial_folio+0x49c/0x710 mm/truncate.c:275
 shmem_undo_range+0x551/0xf70 mm/shmem.c:954
 shmem_truncate_range mm/shmem.c:1032 [inline]
 shmem_fallocate+0x8cd/0xcd0 mm/shmem.c:2652
 vfs_fallocate+0x2a5/0xb90 fs/open.c:307
 ksys_fallocate fs/open.c:330 [inline]
 __do_sys_fallocate fs/open.c:338 [inline]
 __se_sys_fallocate fs/open.c:336 [inline]
 __x64_sys_fallocate+0xb0/0x100 fs/open.c:336
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f08c6fe4809
Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd752649e8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f08c6fe4809