bisecting cause commit starting from 46cf053efec6a3a5f343fead837777efe8252a46 building syzkaller on be5c2c81971442d623dd1b265dabf4644ceeb35b testing commit 46cf053efec6a3a5f343fead837777efe8252a46 with gcc (GCC) 8.1.0 kernel signature: b6d2a77fad8462b4a84de3a9eb2b768f39d0a74d run #0: crashed: INFO: task hung in sync_inodes_sb run #1: crashed: INFO: task hung in sync_inodes_sb run #2: crashed: INFO: task hung in sync_inodes_sb run #3: crashed: INFO: task hung in sync_inodes_sb run #4: crashed: INFO: task hung in sync_inodes_sb run #5: crashed: INFO: task hung in sync_inodes_sb run #6: crashed: INFO: task hung in sync_inodes_sb run #7: OK run #8: OK run #9: OK testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0 kernel signature: 6dbc7681fb4d7185c3e9a1d6699c3b98491e5fdd run #0: crashed: INFO: task hung in sync_inodes_sb run #1: crashed: INFO: task hung in sync_inodes_sb run #2: crashed: INFO: task hung in sync_inodes_sb run #3: crashed: INFO: task hung in sync_inodes_sb run #4: crashed: INFO: task hung in sync_inodes_sb run #5: OK run #6: crashed: INFO: task hung in sync_inodes_sb run #7: OK run #8: OK run #9: OK testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 kernel signature: 36e316f7ae77ddcb55dc8171197e99ca51355707 run #0: crashed: INFO: task hung in sync_inodes_sb run #1: crashed: INFO: task hung in sync_inodes_sb run #2: crashed: INFO: task hung in sync_inodes_sb run #3: crashed: INFO: task hung in sync_inodes_sb run #4: crashed: INFO: task hung in sync_inodes_sb run #5: crashed: INFO: task hung in sync_inodes_sb run #6: crashed: INFO: task hung in sync_inodes_sb run #7: OK run #8: OK run #9: OK testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 kernel signature: 3839d02d54c437345f7487428d75a91451d5ed15 all runs: crashed: INFO: task hung in sync_inodes_sb testing release v5.1 testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0 kernel signature: 3ceefcd1d1195762a131b17d5dda8383c8adb69c run #0: crashed: INFO: task hung in sync_inodes_sb run #1: crashed: INFO: task hung in sync_inodes_sb run #2: crashed: INFO: task hung in sync_inodes_sb run #3: crashed: INFO: task hung in sync_inodes_sb run #4: crashed: INFO: task hung in sync_inodes_sb run #5: crashed: INFO: task hung in sync_inodes_sb run #6: crashed: INFO: task hung in sync_inodes_sb run #7: crashed: INFO: task hung in sync_inodes_sb run #8: crashed: INFO: task hung in sync_inodes_sb run #9: OK testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 kernel signature: 2f02ca29ff96f971663b2b55cf7024fde57dbc72 all runs: OK # git bisect start e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd 1c163f4c7b3f621efff9b28a47abb36f7378d783 Bisecting: 7074 revisions left to test after this (roughly 13 steps) [b5dd0c658c31b469ccff1b637e5124851e7a4a1c] Merge branch 'akpm' (patches from Andrew) testing commit b5dd0c658c31b469ccff1b637e5124851e7a4a1c with gcc (GCC) 8.1.0 kernel signature: 1d0c9d967a234a267492749a9f436ac2e878ca5f all runs: OK # git bisect good b5dd0c658c31b469ccff1b637e5124851e7a4a1c Bisecting: 3573 revisions left to test after this (roughly 12 steps) [4f0237062ca70c8e34e16e518aee4b84c30d1832] Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input testing commit 4f0237062ca70c8e34e16e518aee4b84c30d1832 with gcc (GCC) 8.1.0 kernel signature: 2707cd1956bf6034aef42d7cefe1b0e1a80dac8d run #0: crashed: INFO: task hung in sync_inodes_sb run #1: crashed: INFO: task hung in sync_inodes_sb run #2: crashed: INFO: task hung in sync_inodes_sb run #3: crashed: INFO: task hung in sync_inodes_sb run #4: crashed: INFO: task hung in sync_inodes_sb run #5: crashed: INFO: task hung in sync_inodes_sb run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 4f0237062ca70c8e34e16e518aee4b84c30d1832 Bisecting: 1707 revisions left to test after this (roughly 11 steps) [80201fe175cbf7f3e372f53eba0a881a702ad926] Merge tag 'for-5.1/block-20190302' of git://git.kernel.dk/linux-block testing commit 80201fe175cbf7f3e372f53eba0a881a702ad926 with gcc (GCC) 8.1.0 kernel signature: 5acf3a64c6c6ffe68f0a29f498a2b58b00499a13 all runs: crashed: INFO: task hung in sync_inodes_sb # git bisect bad 80201fe175cbf7f3e372f53eba0a881a702ad926 Bisecting: 888 revisions left to test after this (roughly 10 steps) [5ea3998d56346975c2701df18fb5b6e3ab5c8d9e] Merge tag 'drm-intel-next-2019-02-07' of git://anongit.freedesktop.org/drm/drm-intel into drm-next testing commit 5ea3998d56346975c2701df18fb5b6e3ab5c8d9e with gcc (GCC) 8.1.0 kernel signature: e647f55cee514d4fd8b9fd052ddb4dd3470a7c1c all runs: OK # git bisect good 5ea3998d56346975c2701df18fb5b6e3ab5c8d9e Bisecting: 467 revisions left to test after this (roughly 9 steps) [1cabd3e0bd88d7ba9854cbb9213ef40eccad603b] Merge tag 'for-v5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply testing commit 1cabd3e0bd88d7ba9854cbb9213ef40eccad603b with gcc (GCC) 8.1.0 kernel signature: 78971eaa83e34ad5f0309ff6943eb784eea0f16f all runs: OK # git bisect good 1cabd3e0bd88d7ba9854cbb9213ef40eccad603b Bisecting: 246 revisions left to test after this (roughly 8 steps) [cf2e8c544cd3b33e9e403b7b72404c221bf888d1] Merge tag 'mfd-next-5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd testing commit cf2e8c544cd3b33e9e403b7b72404c221bf888d1 with gcc (GCC) 8.1.0 kernel signature: 4f5b214a7759dfacd4c2ddc4c6cd0bbd9f94e5a9 all runs: OK # git bisect good cf2e8c544cd3b33e9e403b7b72404c221bf888d1 Bisecting: 121 revisions left to test after this (roughly 7 steps) [4221b807d1f73c03d22543416d303b60a5d1ef31] Merge tag 'for-5.1/libata-20190301' of git://git.kernel.dk/linux-block testing commit 4221b807d1f73c03d22543416d303b60a5d1ef31 with gcc (GCC) 8.1.0 kernel signature: a4378e3acd0fac55e25cd88def45348b6c057488 all runs: OK # git bisect good 4221b807d1f73c03d22543416d303b60a5d1ef31 Bisecting: 60 revisions left to test after this (roughly 6 steps) [19d62f6d00972f957c94aba0975c14490cfed385] block: remove bvec_iter_rewind() testing commit 19d62f6d00972f957c94aba0975c14490cfed385 with gcc (GCC) 8.1.0 kernel signature: 118bfe8c57a499b051ea12e27991dbd2165eedcb all runs: OK # git bisect good 19d62f6d00972f957c94aba0975c14490cfed385 Bisecting: 30 revisions left to test after this (roughly 5 steps) [5d8762d5684ab997c7ccf2457c8beec7ef972ceb] nvme-rdma: convert to SPDX identifiers testing commit 5d8762d5684ab997c7ccf2457c8beec7ef972ceb with gcc (GCC) 8.1.0 kernel signature: 1b24a1f9330a946beac64e81ad4481b3dc4d30cf run #0: crashed: kernel BUG at mm/filemap.c:LINE! run #1: crashed: kernel BUG at mm/filemap.c:LINE! run #2: crashed: kernel BUG at mm/filemap.c:LINE! run #3: crashed: kernel BUG at mm/filemap.c:LINE! run #4: crashed: kernel BUG at mm/filemap.c:LINE! run #5: crashed: kernel BUG at mm/filemap.c:LINE! run #6: crashed: kernel BUG at mm/filemap.c:LINE! run #7: crashed: kernel BUG at mm/filemap.c:LINE! run #8: crashed: kernel BUG at mm/filemap.c:LINE! run #9: crashed: INFO: task hung in sync_inodes_sb # git bisect bad 5d8762d5684ab997c7ccf2457c8beec7ef972ceb Bisecting: 14 revisions left to test after this (roughly 4 steps) [56d18f62f556b80105e38e7975975cf7465aae3e] block: kill BLK_MQ_F_SG_MERGE testing commit 56d18f62f556b80105e38e7975975cf7465aae3e with gcc (GCC) 8.1.0 kernel signature: 79731c301e9446e85e0e1e9306aebec33b1ec51f all runs: crashed: kernel BUG at mm/filemap.c:LINE! # git bisect bad 56d18f62f556b80105e38e7975975cf7465aae3e Bisecting: 7 revisions left to test after this (roughly 3 steps) [c3a7ce738009912f9d237bdabf4a20038522de10] btrfs: use mp_bvec_last_segment to get bio's last page testing commit c3a7ce738009912f9d237bdabf4a20038522de10 with gcc (GCC) 8.1.0 kernel signature: 47a7086ef12917bece6283ce4b020f559472e0f6 all runs: OK # git bisect good c3a7ce738009912f9d237bdabf4a20038522de10 Bisecting: 3 revisions left to test after this (roughly 2 steps) [07173c3ec276cbb18dc0e0687d37d310e98a1480] block: enable multipage bvecs testing commit 07173c3ec276cbb18dc0e0687d37d310e98a1480 with gcc (GCC) 8.1.0 kernel signature: 51385d5e1f68adbe3037733b6a46516d47f1e9da all runs: crashed: kernel BUG at mm/filemap.c:LINE! # git bisect bad 07173c3ec276cbb18dc0e0687d37d310e98a1480 Bisecting: 1 revision left to test after this (roughly 1 step) [2e1f4f4d2481d8bf111904c3e45fc0c4c94bf76e] bcache: avoid to use bio_for_each_segment_all() in bch_bio_alloc_pages() testing commit 2e1f4f4d2481d8bf111904c3e45fc0c4c94bf76e with gcc (GCC) 8.1.0 kernel signature: 49bbeaeff06e0c299e125b91b60fbee8b8e8f20c all runs: OK # git bisect good 2e1f4f4d2481d8bf111904c3e45fc0c4c94bf76e Bisecting: 0 revisions left to test after this (roughly 0 steps) [6dc4f100c175dd0511ae8674786e7c9006cdfbfa] block: allow bio_for_each_segment_all() to iterate over multi-page bvec testing commit 6dc4f100c175dd0511ae8674786e7c9006cdfbfa with gcc (GCC) 8.1.0 kernel signature: a9319cab8ddcf6942d33d8a1013ec77f23ec8d08 all runs: crashed: kernel BUG at mm/filemap.c:LINE! # git bisect bad 6dc4f100c175dd0511ae8674786e7c9006cdfbfa 6dc4f100c175dd0511ae8674786e7c9006cdfbfa is the first bad commit commit 6dc4f100c175dd0511ae8674786e7c9006cdfbfa Author: Ming Lei Date: Fri Feb 15 19:13:19 2019 +0800 block: allow bio_for_each_segment_all() to iterate over multi-page bvec This patch introduces one extra iterator variable to bio_for_each_segment_all(), then we can allow bio_for_each_segment_all() to iterate over multi-page bvec. Given it is just one mechannical & simple change on all bio_for_each_segment_all() users, this patch does tree-wide change in one single patch, so that we can avoid to use a temporary helper for this conversion. Reviewed-by: Omar Sandoval Reviewed-by: Christoph Hellwig Signed-off-by: Ming Lei Signed-off-by: Jens Axboe block/bio.c | 27 ++++++++++++++++++--------- block/bounce.c | 6 ++++-- drivers/md/bcache/btree.c | 3 ++- drivers/md/dm-crypt.c | 3 ++- drivers/md/raid1.c | 3 ++- drivers/staging/erofs/data.c | 3 ++- drivers/staging/erofs/unzip_vle.c | 3 ++- fs/block_dev.c | 6 ++++-- fs/btrfs/compression.c | 3 ++- fs/btrfs/disk-io.c | 3 ++- fs/btrfs/extent_io.c | 9 ++++++--- fs/btrfs/inode.c | 6 ++++-- fs/btrfs/raid56.c | 3 ++- fs/crypto/bio.c | 3 ++- fs/direct-io.c | 4 +++- fs/exofs/ore.c | 3 ++- fs/exofs/ore_raid.c | 3 ++- fs/ext4/page-io.c | 3 ++- fs/ext4/readpage.c | 3 ++- fs/f2fs/data.c | 9 ++++++--- fs/gfs2/lops.c | 9 ++++++--- fs/gfs2/meta_io.c | 3 ++- fs/iomap.c | 6 ++++-- fs/mpage.c | 3 ++- fs/xfs/xfs_aops.c | 5 +++-- include/linux/bio.h | 11 +++++++++-- include/linux/bvec.h | 30 ++++++++++++++++++++++++++++++ 27 files changed, 127 insertions(+), 46 deletions(-) culprit signature: a9319cab8ddcf6942d33d8a1013ec77f23ec8d08 parent signature: 49bbeaeff06e0c299e125b91b60fbee8b8e8f20c revisions tested: 20, total time: 5h0m34.676650748s (build: 1h53m54.018941804s, test: 3h5m6.778319223s) first bad commit: 6dc4f100c175dd0511ae8674786e7c9006cdfbfa block: allow bio_for_each_segment_all() to iterate over multi-page bvec cc: ["axboe@kernel.dk" "hch@lst.de" "ming.lei@redhat.com" "osandov@fb.com"] crash: kernel BUG at mm/filemap.c:LINE! 8021q: adding VLAN 0 to HW filter on device batadv0 IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 8021q: adding VLAN 0 to HW filter on device batadv0 ------------[ cut here ]------------ kernel BUG at mm/filemap.c:1283! kobject: 'loop3' (000000008e7603f3): kobject_uevent_env invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.0.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:end_page_writeback+0x2bd/0x300 mm/filemap.c:1283 Code: fe ff ff 4c 89 ef e8 a2 53 19 00 e9 00 fe ff ff 48 89 df e8 95 53 19 00 e9 01 ff ff ff 4c 89 e7 e8 88 53 19 00 e9 37 fe ff ff <0f> 0b 4c 89 ef e8 79 53 19 00 e9 51 fe ff ff 4c 89 e7 e8 6c 53 19 RSP: 0018:ffff8880a98b7ac8 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffffea0001ff5800 RCX: 1ffff11015315156 RDX: 1ffffffff10a453e RSI: 1ffff11015315158 RDI: 0000000000000282 RBP: ffff8880a98b7ae0 R08: 0000000000000000 R09: 0000000000000001 R10: ffffed1015d45bcf R11: ffff8880aea2de7b R12: ffffea0001ff5808 R13: ffffea0001ff5800 R14: dffffc0000000000 R15: ffff88808eb952c0 FS: 0000000000000000(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000625208 CR3: 00000000a7fec000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: page_endio+0x244/0x4c0 mm/filemap.c:1313 mpage_end_io+0x14f/0x2d0 fs/mpage.c:55 bio_endio+0x459/0x830 block/bio.c:1802 req_bio_endio block/blk-core.c:196 [inline] blk_update_request+0x248/0x9e0 block/blk-core.c:1454 blk_mq_end_request+0x54/0x4e0 block/blk-mq.c:562 lo_complete_rq+0x1af/0x270 drivers/block/loop.c:485 blk_done_softirq+0x2c6/0x490 block/blk-softirq.c:37 __do_softirq+0x260/0x958 kernel/softirq.c:292 run_ksoftirqd+0x94/0x100 kernel/softirq.c:654 smpboot_thread_fn+0x55f/0x860 kernel/smpboot.c:164 ------------[ cut here ]------------ kthread+0x324/0x3e0 kernel/kthread.c:246 downgrading a read lock WARNING: CPU: 1 PID: 7278 at kernel/locking/lockdep.c:3553 __lock_downgrade kernel/locking/lockdep.c:3553 [inline] WARNING: CPU: 1 PID: 7278 at kernel/locking/lockdep.c:3553 lock_downgrade+0x47b/0x7f0 kernel/locking/lockdep.c:3816