bisecting cause commit starting from 559089e0a93d44280ec3ab478830af319c56dbe3 building syzkaller on 7d7bc7384ef404234239532c5c2a9af81b020152 testing commit 559089e0a93d44280ec3ab478830af319c56dbe3 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d9aa92b0077380e59a997b73471b44c9ccb8421e262c717636412bc1d7743430 all runs: crashed: kernel BUG in __filemap_get_folio testing release v5.17 testing commit f443e374ae131c168a065ea1748feac6b2e76613 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 8c6bcd2208c2a2a88e5253ae715405bf8a5c0f5e24eeb382353966496bffe2d3 all runs: crashed: kernel BUG in __filemap_get_folio testing release v5.16 testing commit df0cc57e057f18e44dac8e6c18aba47ab53202f9 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 0203c0901058ffea4a7de4b646847d277dce0dedf829c5e4839205556518b5c4 all runs: OK # git bisect start f443e374ae131c168a065ea1748feac6b2e76613 df0cc57e057f18e44dac8e6c18aba47ab53202f9 Bisecting: 6995 revisions left to test after this (roughly 13 steps) [22ef12195e13c5ec58320dbf99ef85059a2c0820] Merge tag 'staging-5.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging testing commit 22ef12195e13c5ec58320dbf99ef85059a2c0820 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 587230392d52fc68b9ce58c4c4920108a8c5082857c97ba7c41ac3d2a8bc6c22 all runs: OK # git bisect good 22ef12195e13c5ec58320dbf99ef85059a2c0820 Bisecting: 3520 revisions left to test after this (roughly 12 steps) [51620150ca2df62f8ea472ab8962be590c957288] cifs: update internal module number testing commit 51620150ca2df62f8ea472ab8962be590c957288 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: bc70ae14a6a52da1c4a22dd5c45023d6010cc35bd635b752b576d0f1c5f9e795 all runs: crashed: kernel BUG in __filemap_get_folio # git bisect bad 51620150ca2df62f8ea472ab8962be590c957288 Bisecting: 1737 revisions left to test after this (roughly 11 steps) [3fb561b1e0bf4c75bc5f4d799845b08fa5ab3853] Merge tag 'mips_5.17' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux testing commit 3fb561b1e0bf4c75bc5f4d799845b08fa5ab3853 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: b5c7c3e7831e00572e4364e180e5625e475edf87df5a01876540eed8e30c0e08 all runs: crashed: kernel BUG in __filemap_get_folio # git bisect bad 3fb561b1e0bf4c75bc5f4d799845b08fa5ab3853 Bisecting: 859 revisions left to test after this (roughly 10 steps) [147cc5838c0f5c76e908b816e924ca378e0d4735] Merge tag 'irq-core-2022-01-13' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 147cc5838c0f5c76e908b816e924ca378e0d4735 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 139e017057f6481098b0e4ddaba65023f5f225767148a490e1acf857e90038c2 all runs: crashed: kernel BUG in __filemap_get_folio # git bisect bad 147cc5838c0f5c76e908b816e924ca378e0d4735 Bisecting: 424 revisions left to test after this (roughly 9 steps) [3acbdbf42e943d85174401357a6b6243479d4c76] Merge tag 'libnvdimm-for-5.17' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm testing commit 3acbdbf42e943d85174401357a6b6243479d4c76 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 62350b608e692c73b990ee0a39fcb7cd256a636764d95872ece6cc27841a0d40 all runs: crashed: kernel BUG in __filemap_get_folio # git bisect bad 3acbdbf42e943d85174401357a6b6243479d4c76 Bisecting: 211 revisions left to test after this (roughly 8 steps) [57ea81971b7296b42fc77424af44c5915d3d4ae2] Merge tag 'usb-5.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb testing commit 57ea81971b7296b42fc77424af44c5915d3d4ae2 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 95c64bfda59aac56e5c687bff821d7d43ca95b6bd0d6b3398e69a69d4ac39bbe all runs: OK # git bisect good 57ea81971b7296b42fc77424af44c5915d3d4ae2 Bisecting: 106 revisions left to test after this (roughly 7 steps) [8975f8974888b3cd25aa8cf9eba24edbb9230bb2] Merge tag 'fuse-update-5.17' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse testing commit 8975f8974888b3cd25aa8cf9eba24edbb9230bb2 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f3d8a00979aea2f3e23fe2038cecf2545e396dfe5cf3be40465365513e3694cb all runs: crashed: kernel BUG in __filemap_get_folio # git bisect bad 8975f8974888b3cd25aa8cf9eba24edbb9230bb2 Bisecting: 52 revisions left to test after this (roughly 6 steps) [6020c204be997e3f5129839ff9c801800fb4336e] Merge tag 'folio-5.17' of git://git.infradead.org/users/willy/pagecache testing commit 6020c204be997e3f5129839ff9c801800fb4336e compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: e0357fc082fbf8a9ce6f4c5222f43ba449d12179620b440ae601a45abf01b4de all runs: crashed: kernel BUG in __filemap_get_folio # git bisect bad 6020c204be997e3f5129839ff9c801800fb4336e Bisecting: 25 revisions left to test after this (roughly 5 steps) [81f4c03b7de75727be438f8f3e1683e0b0d1556a] filemap: Drop the refcount while waiting for page lock testing commit 81f4c03b7de75727be438f8f3e1683e0b0d1556a compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 587a25bdc283e0710c6e4049c3da2cb76441c12558b5103ed6acb7ed2f47af15 all runs: OK # git bisect good 81f4c03b7de75727be438f8f3e1683e0b0d1556a Bisecting: 12 revisions left to test after this (roughly 4 steps) [78f426608f21c997975adb96641b7ac82d4d15b1] truncate: Add invalidate_complete_folio2() testing commit 78f426608f21c997975adb96641b7ac82d4d15b1 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: c5524e9b43ff3cc2addfed0e70f156ea2da93ad89fe918d23e6f7232b038629d all runs: OK # git bisect good 78f426608f21c997975adb96641b7ac82d4d15b1 Bisecting: 6 revisions left to test after this (roughly 3 steps) [338f379cf7c21e3bc31186f303ac99dc5d2cc613] fs: Convert vfs_dedupe_file_range_compare to folios testing commit 338f379cf7c21e3bc31186f303ac99dc5d2cc613 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 1dbb5ceb7392b5a8c23e8dab2e0ef01f5414d121240bb2b8773d2a1247a61fd9 all runs: OK # git bisect good 338f379cf7c21e3bc31186f303ac99dc5d2cc613 Bisecting: 3 revisions left to test after this (roughly 2 steps) [25a8de7f8d970ffa7263bd9d32a08138cd949f17] XArray: Add xas_advance() testing commit 25a8de7f8d970ffa7263bd9d32a08138cd949f17 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 219ef7845b20bf0addf4c5d68ec613dd6ee4007004d34a9c761f8cc9cca0c604 all runs: OK # git bisect good 25a8de7f8d970ffa7263bd9d32a08138cd949f17 Bisecting: 1 revision left to test after this (roughly 1 step) [81ff0be4b9e3bcfee022d71cf89d72f7e2ed41ba] Merge tag 'spdx-5.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/spdx testing commit 81ff0be4b9e3bcfee022d71cf89d72f7e2ed41ba compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 95c64bfda59aac56e5c687bff821d7d43ca95b6bd0d6b3398e69a69d4ac39bbe all runs: OK # git bisect good 81ff0be4b9e3bcfee022d71cf89d72f7e2ed41ba Bisecting: 0 revisions left to test after this (roughly 0 steps) [6b24ca4a1a8d4ee3221d6d44ddbb99f542e4bda3] mm: Use multi-index entries in the page cache testing commit 6b24ca4a1a8d4ee3221d6d44ddbb99f542e4bda3 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: da7b2cd37b71c8973fea82d68a8e8d0f11538d4aa8e9a57af2287e2716964fce all runs: crashed: kernel BUG in __filemap_get_folio # git bisect bad 6b24ca4a1a8d4ee3221d6d44ddbb99f542e4bda3 6b24ca4a1a8d4ee3221d6d44ddbb99f542e4bda3 is the first bad commit commit 6b24ca4a1a8d4ee3221d6d44ddbb99f542e4bda3 Author: Matthew Wilcox (Oracle) Date: Sat Jun 27 22:19:08 2020 -0400 mm: Use multi-index entries in the page cache We currently store large folios as 2^N consecutive entries. While this consumes rather more memory than necessary, it also turns out to be buggy. A writeback operation which starts within a tail page of a dirty folio will not write back the folio as the xarray's dirty bit is only set on the head index. With multi-index entries, the dirty bit will be found no matter where in the folio the operation starts. This does end up simplifying the page cache slightly, although not as much as I had hoped. Signed-off-by: Matthew Wilcox (Oracle) Reviewed-by: William Kucharski include/linux/pagemap.h | 10 -------- mm/filemap.c | 61 +++++++++++++++++++++++++++++++------------------ mm/huge_memory.c | 18 +++++++++++---- mm/khugepaged.c | 12 +++++++++- mm/migrate.c | 8 ------- mm/shmem.c | 19 +++++++-------- 6 files changed, 72 insertions(+), 56 deletions(-) culprit signature: da7b2cd37b71c8973fea82d68a8e8d0f11538d4aa8e9a57af2287e2716964fce parent signature: 219ef7845b20bf0addf4c5d68ec613dd6ee4007004d34a9c761f8cc9cca0c604 revisions tested: 17, total time: 3h41m51.272773881s (build: 1h43m0.659972121s, test: 1h57m9.896989122s) first bad commit: 6b24ca4a1a8d4ee3221d6d44ddbb99f542e4bda3 mm: Use multi-index entries in the page cache recipients (to): ["akpm@linux-foundation.org" "linux-mm@kvack.org" "william.kucharski@oracle.com" "willy@infradead.org"] recipients (cc): ["dhowells@redhat.com" "hughd@google.com" "kirill.shutemov@linux.intel.com" "linux-kernel@vger.kernel.org" "vbabka@suse.cz" "william.kucharski@oracle.com" "willy@infradead.org"] crash: kernel BUG in __filemap_get_folio shmem_truncate_range mm/shmem.c:1038 [inline] shmem_evict_inode+0x345/0xa90 mm/shmem.c:1120 evict+0x296/0x5d0 fs/inode.c:590 __dentry_kill+0x315/0x560 fs/dcache.c:582 shrink_dentry_list+0xe0/0x340 fs/dcache.c:1176 shrink_dcache_parent+0x178/0x2a0 fs/dcache.c:1627 do_one_tree fs/dcache.c:1657 [inline] shrink_dcache_for_umount+0x5c/0x2e0 fs/dcache.c:1674 generic_shutdown_super+0x5c/0x3a0 fs/super.c:447 kill_anon_super fs/super.c:1059 [inline] kill_litter_super+0x5a/0x80 fs/super.c:1068 deactivate_locked_super+0x7b/0x130 fs/super.c:335 cleanup_mnt+0x324/0x4d0 fs/namespace.c:1137 task_work_run+0xc0/0x160 kernel/task_work.c:164 ------------[ cut here ]------------ kernel BUG at mm/filemap.c:1917! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 6314 Comm: syz-executor.5 Not tainted 5.16.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__filemap_get_folio+0x72f/0x9c0 mm/filemap.c:1917 Code: 02 84 c0 74 09 3c 03 7f 05 e8 6d 13 1b 00 41 8b 46 58 48 39 c5 0f 82 68 fc ff ff 48 c7 c6 60 ec d3 88 4c 89 f7 e8 e1 ef 0a 00 <0f> 0b 4d 8d 6e 34 be 04 00 00 00 4c 89 ef e8 ae 16 1b 00 4c 89 e8 RSP: 0018:ffffc90005ed78e0 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000000182 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8920c520 RDI: ffff88801191a9ca RBP: 0000000000000080 R08: 0000000000000019 R09: ffff8880b9f33fc7 R10: ffffed10173e67f8 R11: 6f775f6b73617420 R12: dffffc0000000000 R13: ffffea0000b78d00 R14: ffffea0000b78d00 R15: ffffea0000b78d00 FS: 00007f0f22c1d700(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f149ec93058 CR3: 00000000705cf000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: pagecache_get_page+0x10/0x100 mm/folio-compat.c:125 shmem_getpage_gfp+0x3a5/0x1b10 mm/shmem.c:1819 shmem_getpage mm/shmem.c:150 [inline] shmem_write_begin+0xcc/0x1a0 mm/shmem.c:2452 generic_perform_write+0x1c7/0x440 mm/filemap.c:3713 __generic_file_write_iter+0x182/0x480 mm/filemap.c:3840 generic_file_write_iter+0xb9/0x1c0 mm/filemap.c:3872 call_write_iter include/linux/fs.h:2162 [inline] new_sync_write+0x360/0x600 fs/read_write.c:503 vfs_write+0x609/0x900 fs/read_write.c:590 ksys_write+0xf4/0x1d0 fs/read_write.c:643 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f0f234a80e9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f0f22c1d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007f0f235baf60 RCX: 00007f0f234a80e9 RDX: 000000000208e24b RSI: 0000000020000080 RDI: 0000000000000004 RBP: 00007f0f2350208d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffec7560f4f R14: 00007f0f22c1d300 R15: 0000000000022000 Modules linked in: ---[ end trace a78d79c3cf96ca80 ]--- RIP: 0010:__filemap_get_folio+0x72f/0x9c0 mm/filemap.c:1917 Code: 02 84 c0 74 09 3c 03 7f 05 e8 6d 13 1b 00 41 8b 46 58 48 39 c5 0f 82 68 fc ff ff 48 c7 c6 60 ec d3 88 4c 89 f7 e8 e1 ef 0a 00 <0f> 0b 4d 8d 6e 34 be 04 00 00 00 4c 89 ef e8 ae 16 1b 00 4c 89 e8 RSP: 0018:ffffc90005ed78e0 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000000182 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8920c520 RDI: ffff88801191a9ca RBP: 0000000000000080 R08: 0000000000000019 R09: ffff8880b9f33fc7 R10: ffffed10173e67f8 R11: 6f775f6b73617420 R12: dffffc0000000000 R13: ffffea0000b78d00 R14: ffffea0000b78d00 R15: ffffea0000b78d00 FS: 00007f0f22c1d700(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f149ec93058 CR3: 00000000705cf000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400