bisecting cause commit starting from 49afce6d47fe05ee01f1a41129b835fe4cca7eea building syzkaller on a41ca8fa8285754d8561dcc3ed54cca2da60eed7 testing commit 49afce6d47fe05ee01f1a41129b835fe4cca7eea with gcc (GCC) 8.1.0 all runs: crashed: INFO: task hung in mpage_prepare_extent_to_map testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 all runs: OK # git bisect start 49afce6d47fe05ee01f1a41129b835fe4cca7eea v5.3 Bisecting: 11432 revisions left to test after this (roughly 14 steps) [7ce1e15d9a85a2b589a68a04afb2b2ded109b680] Merge tag 'for_v5.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs testing commit 7ce1e15d9a85a2b589a68a04afb2b2ded109b680 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 7ce1e15d9a85a2b589a68a04afb2b2ded109b680 Bisecting: 5734 revisions left to test after this (roughly 13 steps) [eaa4cb7909714ee675c2fd70a08758eb7812a5c7] Merge remote-tracking branch 'hwmon-staging/hwmon-next' testing commit eaa4cb7909714ee675c2fd70a08758eb7812a5c7 with gcc (GCC) 8.1.0 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: boot failed: WARNING: workqueue cpumask: online intersect > possible intersect # git bisect good eaa4cb7909714ee675c2fd70a08758eb7812a5c7 Bisecting: 2862 revisions left to test after this (roughly 12 steps) [592b1a9b0b278ec0766d8a0e3be26fd8fac21b30] Merge remote-tracking branch 'drm/drm-next' testing commit 592b1a9b0b278ec0766d8a0e3be26fd8fac21b30 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 592b1a9b0b278ec0766d8a0e3be26fd8fac21b30 Bisecting: 1415 revisions left to test after this (roughly 11 steps) [f24347bd5810152bb79f160681558e432aae80e7] Merge remote-tracking branch 'rcu/rcu/next' testing commit f24347bd5810152bb79f160681558e432aae80e7 with gcc (GCC) 8.1.0 all runs: OK # git bisect good f24347bd5810152bb79f160681558e432aae80e7 Bisecting: 704 revisions left to test after this (roughly 10 steps) [9e8f2741655e0f35a3fe5ed8936766608a0ff505] Merge remote-tracking branch 'cgroup/for-next' testing commit 9e8f2741655e0f35a3fe5ed8936766608a0ff505 with gcc (GCC) 8.1.0 run #0: boot failed: failed to create instance: googleapi: Error 503: Internal error. Please try again or contact Google Support. (Code: '898200636201308609'), backendError run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 9e8f2741655e0f35a3fe5ed8936766608a0ff505 Bisecting: 350 revisions left to test after this (roughly 9 steps) [1b39fa15d7070d04d7f36e27665b96dc2e91d370] Merge remote-tracking branch 'coresight/next' testing commit 1b39fa15d7070d04d7f36e27665b96dc2e91d370 with gcc (GCC) 8.1.0 failed: failed to create VM pool: failed to init gce: error getting instance info: googleapi: Error 503: Internal error. Please try again or contact Google Support. (Code: '2747074794207526445'), backendError # git bisect skip 1b39fa15d7070d04d7f36e27665b96dc2e91d370 Bisecting: 350 revisions left to test after this (roughly 9 steps) [24c7c0a6d3de68b6e15532d18749e561d260c160] scsi: lpfc: Fix host hang at boot or slow boot testing commit 24c7c0a6d3de68b6e15532d18749e561d260c160 with gcc (GCC) 8.1.0 failed: failed to create VM pool: failed to init gce: error getting instance info: googleapi: Error 503: Internal error. Please try again or contact Google Support. (Code: '8022657052909099134'), backendError # git bisect skip 24c7c0a6d3de68b6e15532d18749e561d260c160 Bisecting: 350 revisions left to test after this (roughly 9 steps) [ba861eeaefd0282a7f67bcde7e2720d0c1bbcce7] .gitattributes: Use 'dts' diff driver for dts files testing commit ba861eeaefd0282a7f67bcde7e2720d0c1bbcce7 with gcc (GCC) 8.1.0 all runs: crashed: INFO: task hung in mpage_prepare_extent_to_map # git bisect bad ba861eeaefd0282a7f67bcde7e2720d0c1bbcce7 Bisecting: 57 revisions left to test after this (roughly 6 steps) [9ca79bac979c6cb0d3a5c3bf6e229b48924ff750] mm/memory_hotplug: don't access uninitialized memmaps in shrink_zone_span() testing commit 9ca79bac979c6cb0d3a5c3bf6e229b48924ff750 with gcc (GCC) 8.1.0 all runs: crashed: INFO: task hung in mpage_prepare_extent_to_map # git bisect bad 9ca79bac979c6cb0d3a5c3bf6e229b48924ff750 Bisecting: 29 revisions left to test after this (roughly 5 steps) [1a747c1ae5c3d973e54119bba0fca029bab3b047] mm: drop mmap_sem before calling balance_dirty_pages() in write fault testing commit 1a747c1ae5c3d973e54119bba0fca029bab3b047 with gcc (GCC) 8.1.0 run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/syzkaller/jobs/linux/workdir/repro.prog" "root@10.128.0.226:./repro.prog"]: exit status 1 Warning: Permanently added '10.128.0.226' (ECDSA) to the list of known hosts. /syzkaller/jobs/linux/workdir/repro.prog: Broken pipe run #1: crashed: INFO: task hung in mpage_prepare_extent_to_map run #2: crashed: INFO: task hung in mpage_prepare_extent_to_map run #3: crashed: INFO: task hung in mpage_prepare_extent_to_map run #4: crashed: INFO: task hung in mpage_prepare_extent_to_map run #5: crashed: INFO: task hung in mpage_prepare_extent_to_map run #6: crashed: INFO: task hung in mpage_prepare_extent_to_map run #7: crashed: INFO: task hung in mpage_prepare_extent_to_map run #8: crashed: INFO: task hung in mpage_prepare_extent_to_map run #9: crashed: INFO: task hung in mpage_prepare_extent_to_map # git bisect bad 1a747c1ae5c3d973e54119bba0fca029bab3b047 Bisecting: 14 revisions left to test after this (roughly 4 steps) [49a63b41b10bf20247a871c7ac81987dbf575682] ramfs: support O_TMPFILE testing commit 49a63b41b10bf20247a871c7ac81987dbf575682 with gcc (GCC) 8.1.0 run #0: crashed: INFO: task hung in mpage_prepare_extent_to_map run #1: crashed: INFO: task hung in mpage_prepare_extent_to_map run #2: crashed: INFO: task hung in mpage_prepare_extent_to_map run #3: crashed: INFO: task hung in mpage_prepare_extent_to_map run #4: crashed: INFO: task hung in mpage_prepare_extent_to_map run #5: crashed: INFO: task hung in mpage_prepare_extent_to_map run #6: crashed: INFO: task hung in mpage_prepare_extent_to_map run #7: crashed: INFO: task hung in mpage_prepare_extent_to_map run #8: crashed: INFO: task hung in mpage_prepare_extent_to_map run #9: OK # git bisect bad 49a63b41b10bf20247a871c7ac81987dbf575682 Bisecting: 6 revisions left to test after this (roughly 3 steps) [95ae151fc7286b8ce0e079321e95c76e5c071ca0] mm, meminit: recalculate pcpu batch and high limits after init completes testing commit 95ae151fc7286b8ce0e079321e95c76e5c071ca0 with gcc (GCC) 8.1.0 run #0: crashed: INFO: task hung in mpage_prepare_extent_to_map run #1: crashed: INFO: task hung in mpage_prepare_extent_to_map run #2: crashed: INFO: task hung in mpage_prepare_extent_to_map run #3: crashed: INFO: task hung in mpage_prepare_extent_to_map run #4: crashed: INFO: task hung in mpage_prepare_extent_to_map run #5: crashed: INFO: task hung in mpage_prepare_extent_to_map run #6: crashed: INFO: task hung in mpage_prepare_extent_to_map run #7: crashed: INFO: task hung in mpage_prepare_extent_to_map run #8: crashed: INFO: task hung in mpage_prepare_extent_to_map run #9: OK # git bisect bad 95ae151fc7286b8ce0e079321e95c76e5c071ca0 Bisecting: 3 revisions left to test after this (roughly 2 steps) [9c61acffe2b8833152041f7b6a02d1d0a17fd378] mm,thp: recheck each page before collapsing file THP testing commit 9c61acffe2b8833152041f7b6a02d1d0a17fd378 with gcc (GCC) 8.1.0 run #0: basic kernel testing failed: WARNING in collapse_file run #1: basic kernel testing failed: WARNING in collapse_file run #2: basic kernel testing failed: WARNING in collapse_file run #3: basic kernel testing failed: WARNING in collapse_file run #4: basic kernel testing failed: WARNING in collapse_file run #5: basic kernel testing failed: WARNING in collapse_file run #6: crashed: WARNING in collapse_file run #7: crashed: WARNING in collapse_file run #8: crashed: WARNING in collapse_file run #9: crashed: WARNING in collapse_file # git bisect bad 9c61acffe2b8833152041f7b6a02d1d0a17fd378 Bisecting: 1 revision left to test after this (roughly 1 step) [7e7d0344aae45b0264cf92556274affd6d13cd11] /proc/kpageflags: prevent an integer overflow in stable_page_flags() testing commit 7e7d0344aae45b0264cf92556274affd6d13cd11 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 7e7d0344aae45b0264cf92556274affd6d13cd11 Bisecting: 0 revisions left to test after this (roughly 0 steps) [87c469b00169075aa83d70ac7a38d00224954651] /proc/kpageflags: do not use uninitialized struct pages testing commit 87c469b00169075aa83d70ac7a38d00224954651 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 87c469b00169075aa83d70ac7a38d00224954651 9c61acffe2b8833152041f7b6a02d1d0a17fd378 is the first bad commit commit 9c61acffe2b8833152041f7b6a02d1d0a17fd378 Author: Song Liu Date: Wed Oct 23 11:24:28 2019 +1100 mm,thp: recheck each page before collapsing file THP In collapse_file(), for !is_shmem case, current check cannot guarantee the locked page is up-to-date. Specifically, xas_unlock_irq() should not be called before lock_page() and get_page(); and it is necessary to recheck PageUptodate() after locking the page. With this bug and CONFIG_READ_ONLY_THP_FOR_FS=y, madvise(HUGE)'ed .text may contain corrupted data. This is because khugepaged mistakenly collapses some not up-to-date sub pages into a huge page, and assumes the huge page is up-to-date. This will NOT corrupt data in the disk, because the page is read-only and never written back. Fix this by properly checking PageUptodate() after locking the page. This check replaces "VM_BUG_ON_PAGE(!PageUptodate(page), page);". Also, move PageDirty() check after locking the page. Current khugepaged only collapse read-only .text. Therefore, the page could only be dirty if it hasn't been flushed since first write. In such case, calls filemap_flush() and defer the collapse. Link: http://lkml.kernel.org/r/20191018180345.4188310-1-songliubraving@fb.com Fixes: 99cb0dbd47a1 ("mm,thp: add read-only THP support for (non-shmem) FS") Signed-off-by: Song Liu Acked-by: Johannes Weiner Cc: Kirill A. Shutemov Cc: Hugh Dickins Cc: William Kucharski Signed-off-by: Andrew Morton Signed-off-by: Stephen Rothwell :040000 040000 64ef2b707a22ae2cb6ac656f247281a994042d15 93798e2b4aa4a1d8037bf3f1d4441f601971db45 M mm revisions tested: 17, total time: 4h22m16.265684546s (build: 1h45m42.291147977s, test: 2h30m13.711907418s) first bad commit: 9c61acffe2b8833152041f7b6a02d1d0a17fd378 mm,thp: recheck each page before collapsing file THP cc: ["akpm@linux-foundation.org" "hannes@cmpxchg.org" "hughd@google.com" "kirill.shutemov@linux.intel.com" "sfr@canb.auug.org.au" "songliubraving@fb.com" "william.kucharski@oracle.com"] crash: WARNING in collapse_file ------------[ cut here ]------------ WARNING: CPU: 1 PID: 1078 at mm/khugepaged.c:1643 collapse_file+0x1ea8/0x3150 mm/khugepaged.c:1660 Kernel panic - not syncing: panic_on_warn set ... CPU: 1 PID: 1078 Comm: khugepaged Not tainted 5.4.0-rc4+ #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x113/0x167 lib/dump_stack.c:113 panic+0x22a/0x4e3 kernel/panic.c:221 __warn.cold.11+0x25/0x30 kernel/panic.c:582 report_bug+0x1b0/0x270 lib/bug.c:195 fixup_bug arch/x86/kernel/traps.c:179 [inline] do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:272 do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:291 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1028 RIP: 0010:collapse_file+0x1ea8/0x3150 mm/khugepaged.c:1643 Code: ff e8 7c f5 61 ff e9 fc f4 ff ff 48 8b b5 50 fe ff ff 31 c9 ba 01 00 00 00 48 8b bd 80 fe ff ff e8 4d d3 ef ff e9 cc f2 ff ff <0f> 0b 48 8b bb 20 ff ff ff c7 85 40 fe ff ff 00 00 00 00 e9 39 eb RSP: 0018:ffff8880a7e67aa8 EFLAGS: 00010202 RAX: 01fffc000000201f RBX: ffff8880a7e67c78 RCX: ffffffff819e5670 RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffea00023f2100 RBP: ffff8880a7e67ca0 R08: fffff9400047e421 R09: fffff9400047e421 R10: fffff9400047e420 R11: ffffea00023f2107 R12: ffffea00023f2100 R13: ffffea00023f2100 R14: dffffc0000000000 R15: ffffea0002078000 khugepaged_scan_file mm/khugepaged.c:1881 [inline] khugepaged_scan_mm_slot mm/khugepaged.c:1979 [inline] khugepaged_do_scan mm/khugepaged.c:2063 [inline] khugepaged+0x2134/0x3440 mm/khugepaged.c:2108 kthread+0x331/0x3f0 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 Kernel Offset: disabled Rebooting in 86400 seconds..