Re: Fw: [Bug 216114] New: page dumped because: VM_BUG_ON_FOLIO(!folio_contains(folio, index)) and kernel BUG at mm/truncate.c:669!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, Jun 11, 2022 at 01:07:49PM -0700, Andrew Morton wrote:
> 
> Hi.    Do you recall if this is a new one?

New to me.  Does this happen reliably enough to do a bisect?

Hmm.

                        folio_lock(folio);
                        VM_BUG_ON_FOLIO(!folio_contains(folio, index), folio);
                        if (folio->mapping != mapping) {
                                folio_unlock(folio);
                                continue;
                        }

so we found a truncated folio (below dump shows folio->mapping == NULL).
We should be able to solve this by simply moving the VM_BUG_ON_FOLIO
down four lines.

I'm a little confused that this can happen; the page cache is littered
with comments saying:

        /* Leave page->index set: truncation lookup relies upon it */

so the VM_BUG_ON_FOLIO shouldn't need to be moved and hints at a problem
that I don't understand.  I also don't understand that PG_head is set,
and yet dump_page() did not print:
                pr_warn("head:%p order:%u compound_mapcount:%d compound_pincount:%d\n",
(is it possible it was inadvertently omitted from the bug report?)

Also a head page should not be able to have an odd index.  So there's a
lot here that doesn't make sense to me right now.

> Begin forwarded message:
> 
> Date: Sat, 11 Jun 2022 10:50:53 +0000
> From: bugzilla-daemon@xxxxxxxxxx
> To: akpm@xxxxxxxxxxxxxxxxxxxx
> Subject: [Bug 216114] New: page dumped because: VM_BUG_ON_FOLIO(!folio_contains(folio, index)) and kernel BUG at mm/truncate.c:669!
> 
> 
> https://bugzilla.kernel.org/show_bug.cgi?id=216114
> 
>             Bug ID: 216114
>            Summary: page dumped because:
>                     VM_BUG_ON_FOLIO(!folio_contains(folio, index)) and
>                     kernel BUG at mm/truncate.c:669!
>            Product: Memory Management
>            Version: 2.5
>     Kernel Version: 5.19-rc1
>           Hardware: All
>                 OS: Linux
>               Tree: Mainline
>             Status: NEW
>           Severity: normal
>           Priority: P1
>          Component: Other
>           Assignee: akpm@xxxxxxxxxxxxxxxxxxxx
>           Reporter: zlang@xxxxxxxxxx
>         Regression: No
> 
> xfstests on x86_64 with 64k directory size (mkfs.xfs -n size=65536) XFS[1] hit
> panic[2]. The kernel HEAD which I used is 
> 
> commit 874c8ca1e60b2c564a48f7e7acc40d328d5c8733
> Author: David Howells <dhowells@xxxxxxxxxx>
> Date:   Thu Jun 9 21:46:04 2022 +0100
> 
>     netfs: Fix gcc-12 warning by embedding vfs inode in netfs_i_context
> 
> 
> [1]
> meta-data=/dev/sda4              isize=512    agcount=16, agsize=245696 blks
>          =                       sectsz=512   attr=2, projid32bit=1
>          =                       crc=1        finobt=1, sparse=1, rmapbt=0
>          =                       reflink=1    bigtime=1 inobtcount=1
> data     =                       bsize=4096   blocks=3931136, imaxpct=25
>          =                       sunit=64     swidth=192 blks
> naming   =version 2              bsize=65536  ascii-ci=0, ftype=1
> log      =internal log           bsize=4096   blocks=16384, version=2
>          =                       sectsz=512   sunit=64 blks, lazy-count=1
> realtime =none                   extsz=4096   blocks=0, rtextents=0
> 
> [2]
> # ./scripts/decode_stacktrace.sh vmlinux < crash.log                            
> [ 8525.364621] run fstests generic/132 at 2022-06-10 17:58:32                   
> [ 8529.173644] XFS (sda4): Mounting V5 Filesystem                       
> [ 8529.338529] XFS (sda4): Ending clean mount                                   
> [ 8531.015050] restraintd[1356]: *** Current Time: Fri Jun 10 17:58:44 2022 
> Localwatchdog at: Sun Jun 12 15:40:44 2022
> [ 8560.723674] XFS (sda5): Unmounting Filesystem
> [ 8560.984233] XFS (sda4): EXPERIMENTAL online scrub feature in use. Use at
> your own risk!
> [ 8561.787448] XFS (sda4): Unmounting Filesystem
> [ 8562.925361] XFS (sda4): Mounting V5 Filesystem
> [ 8563.101997] XFS (sda4): Ending clean mount
> [ 8563.163581] XFS (sda4): Unmounting Filesystem 
> [ 8563.890637] XFS (sda5): Mounting V5 Filesystem
> [ 8564.087515] XFS (sda5): Ending clean mount
> [ 8567.049332] XFS (sda4): Mounting V5 Filesystem
> [ 8567.176278] XFS (sda4): Ending clean mount
> [ 8567.213659] XFS (sda4): Unmounting Filesystem         
> [ 8567.476953] XFS (sda5): EXPERIMENTAL online scrub feature in use. Use at
> your own risk!
> [ 8573.888318] XFS (sda5): Unmounting Filesystem
> [ 8575.293213] XFS (sda5): Mounting V5 Filesystem
> [ 8575.545576] XFS (sda5): Ending clean mount
> [ 8575.883979] run fstests generic/133 at 2022-06-10 17:59:23
> [ 8590.600151] page:0000000027772b07 refcount:2 mapcount:0
> mapping:0000000000000000 index:0x1 pfn:0x2a7a00
> [ 8590.601327] flags:
> 0x57ffffc0050000(head|reclaim|node=1|zone=2|lastcpupid=0x1fffff)
> [ 8590.601341] raw: 0057ffffc0050000 0000000000000000 dead000000000122
> 0000000000000000
> [ 8590.601345] raw: 0000000000007300 0000000000000000 00000001ffffffff
> 0000000000000000
> [ 8590.601348] page dumped because: VM_BUG_ON_FOLIO(!folio_contains(folio,
> index))
> [ 8590.601416] ------------[ cut here ]------------                             
> [ 8590.601417] kernel BUG at mm/truncate.c:669!                                 
> [ 8590.601431] invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI                
> [ 8590.606841] Hardware name: HP ProLiant DL385p Gen8, BIOS A28 02/06/2014      
> [ 8590.607178] RIP: 0010:invalidate_inode_pages2_range (mm/truncate.c:669
> (discriminator 1)) 
> [ 8590.607924] Code: c0 03 38 d0 7c 08 84 d2 0f 85 aa 06 00 00 41 8b 47 5c 49
> 39 c6 0f 82 80 fe ff ff 48 c7 c6 a0 3b 55 99 4c 89 ff e8 7e 9f 07 00 <0f> 0b e8
> 37 ec fd ff 4c 89 ff e8 9f c3 03 
> 00 84 c0 0f 85 2d 02 00   
> All code              
> ========
>    0:   c0 03 38                rolb   $0x38,(%rbx)        
>    3:   d0 7c 08 84             sarb   -0x7c(%rax,%rcx,1)     
>    7:   d2 0f                   rorb   %cl,(%rdi)
>    9:   85 aa 06 00 00 41       test   %ebp,0x41000006(%rdx)                    
>    f:   8b 47 5c                mov    0x5c(%rdi),%eax     
>   12:   49 39 c6                cmp    %rax,%r14                 
>   15:   0f 82 80 fe ff ff       jb     0xfffffffffffffe9b           
>   1b:   48 c7 c6 a0 3b 55 99    mov    $0xffffffff99553ba0,%rsi                 
>   22:   4c 89 ff                mov    %r15,%rdi
>   25:   e8 7e 9f 07 00          callq  0x79fa8
>   2a:*  0f 0b                   ud2             <-- trapping instruction
>   2c:   e8 37 ec fd ff          callq  0xfffffffffffdec68
>   31:   4c 89 ff                mov    %r15,%rdi
>   34:   e8 9f c3 03 00          callq  0x3c3d8
>   39:   84 c0                   test   %al,%al
>   3b:   0f                      .byte 0xf
>   3c:   85                      .byte 0x85
>   3d:   2d                      .byte 0x2d
>   3e:   02 00                   add    (%rax),%al
> 
> Code starting with the faulting instruction
> ===========================================
>    0:   0f 0b                   ud2    
>    2:   e8 37 ec fd ff          callq  0xfffffffffffdec3e
>    7:   4c 89 ff                mov    %r15,%rdi
>    a:   e8 9f c3 03 00          callq  0x3c3ae
>    f:   84 c0                   test   %al,%al
>   11:   0f                      .byte 0xf
>   12:   85                      .byte 0x85
>   13:   2d                      .byte 0x2d
>   14:   02 00                   add    (%rax),%al
> [ 8590.609335] RSP: 0018:ffffc9000bd976d0 EFLAGS: 00010286
> [ 8590.609697] RAX: 0000000000000043 RBX: dffffc0000000000 RCX:
> 0000000000000000
> [ 8590.610771] RDX: 0000000000000001 RSI: 0000000000000004 RDI:
> fffff520017b2eca
> [ 8590.611576] RBP: 0000000000000000 R08: 0000000000000043 R09:
> ffff8888367efd0b
> [ 8590.612349] R10: ffffed1106cfdfa1 R11: 0000000000000001 R12:
> ffff88825a578418
> [ 8590.613117] R13: 0000000000007340 R14: 000000000000733f R15:
> ffffea000a9e8000
> [ 8590.613902] FS:  00007f93f6f56740(0000) GS:ffff888836600000(0000)
> knlGS:0000000000000000
> [ 8590.614346] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 8590.615008] CR2: 00007f0576919150 CR3: 0000000649990000 CR4:
> 00000000000406e0
> [ 8590.615761] Call Trace:
> [ 8590.615914]  <TASK>
> [ 8590.616425] ? mapping_evict_folio.part.0 (mm/truncate.c:630)                
>                                                                                
>                        [86/196]
> [ 8590.616718] ? pagevec_lookup_range_tag (mm/swap.c:1122) 
> [ 8590.617492] ? __filemap_fdatawait_range (mm/filemap.c:518) 
> [ 8590.618140] ? xas_reload (mm/filemap.c:503)  
> [ 8590.618357] ? filemap_fdatawrite_wbc (./include/linux/backing-dev.h:138
> mm/filemap.c:383) 
> [ 8590.619013] ? filemap_range_has_page (mm/filemap.c:498) 
> [ 8590.619866] ? delete_from_page_cache_batch (mm/filemap.c:413) 
> [ 8590.620201] ? rcu_read_lock_sched_held (kernel/rcu/update.c:125) 
> [ 8590.620864] ? filemap_check_errors (./arch/x86/include/asm/bitops.h:207
> ./include/asm-generic/bitops/instrumented-non-atomic.h:135 mm/filemap.c:351) 
> [ 8590.621542] __iomap_dio_rw (fs/iomap/direct-io.c:582) 
> [ 8590.621768] ? iomap_dio_bio_iter (fs/iomap/direct-io.c:487) 
> [ 8590.622436] ? trace_xfs_setattr (fs/xfs/xfs_iops.c:1020) xfs
> [ 8590.623386] ? iu[ 8590.708322] iomap_dio_rw (fs/iomap/direct-io.c:689) 
> [ 8590.724063] xfs_file_dio_write_aligned (fs/xfs/xfs_file.c:536) xfs
> [ 8590.724539] ? xfs_file_dio_write_unaligned (fs/xfs/xfs_file.c:515) xfs
> [ 8590.725586] xfs_file_write_iter (fs/xfs/xfs_file.c:792) xfs
> [ 8590.726382] new_sync_write (fs/read_write.c:505 (discriminator 1)) 
> [ 8590.726593] ? new_sync_read (fs/read_write.c:494) 
> [ 8590.726801] ? lock_acquire (kernel/locking/lockdep.c:466
> kernel/locking/lockdep.c:5667 kernel/locking/lockdep.c:5630) 
> [ 8590.727040] ? rcu_read_unlock (./include/linux/rcupdate.h:724 (discriminator
> 5)) 
> [ 8590.727267] vfs_write (fs/read_write.c:591)  
> [ 8590.727815] __x64_sys_pwrite64 (fs/read_write.c:706 fs/read_write.c:716
> fs/read_write.c:713 fs/read_write.c:713) 
> [ 8590.728051] ? vfs_write (fs/read_write.c:713) 
> [ 8590.728263] ? ktime_get_coarse_real_ts64 (./include/linux/seqlock.h:104
> kernel/time/timekeeping.c:2258) 
> [ 8590.728546] do_syscall_64 (arch/x86/entry/common.c:50
> arch/x86/entry/common.c:80) 
> [ 8590.728756] ? do_syscall_64 (arch/x86/entry/common.c:87) 
> [ 8590.728983] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4383) 
> [ 8590.729600] ? do_syscall_64 (arch/x86/entry/common.c:87) 
> [ 8590.729833] ? do_syscall_64+0x69/[ 8591.130203] ? lockdep_hardirqs_on
> (kernel/locking/lockdep.c:4383) 
> [ 8591.130866] ? do_syscall_64 (arch/x86/entry/common.c:87) 
> [ 8591.131115] ? do_syscall_64 (arch/x86/entry/common.c:87) 
> [ 8591.131331] ? do_syscall_64 (arch/x86/entry/common.c:87) 
> [ 8591.131576] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4383) 
> [ 8591.132207] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:115) 
> [ 8591.132501] RIP: 0033:0x7f93f6d3cddf
> [ 8591.132737] Code: 08 89 3c 24 48 89 4c 24 18 e8 6d fe f5 ff 4c 8b 54 24 18
> 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 12 00 00 00 0f 05 <48> 3d 00
> f0 ff ff 77 31 44 89 c7 48 89 04 
> 24 e8 bd fe f5 ff 48 8b
> All code
> ========
>    0:   08 89 3c 24 48 89       or     %cl,-0x76b7dbc4(%rcx)
>    6:   4c 24 18                rex.WR and $0x18,%al
>    9:   e8 6d fe f5 ff          callq  0xfffffffffff5fe7b
>    e:   4c 8b 54 24 18          mov    0x18(%rsp),%r10
>   13:   48 8b 54 24 10          mov    0x10(%rsp),%rdx
>   18:   41 89 c0                mov    %eax,%r8d
>   1b:   48 8b 74 24 08          mov    0x8(%rsp),%rsi
>   20:   8b 3c 24                mov    (%rsp),%edi
>   23:   b8 12 00 00 00          mov    $0x12,%eax
>   28:   0f 05                   syscall 
>   2a:*  48 3d 00 f0 ff ff       cmp    $0xfffffffffffff000,%rax         <--
> trapping instruction
>   30:   77 31                   ja     0x63
>   32:   44 89 c7                mov    %r8d,%edi
>   35:   48 89 04 24             mov    %rax,(%rsp)
>   39:   e8 bd fe f5 ff          callq  0xfffffffffff5fefb
>   3e:   48                      rex.W
>   3f:   8b                      .byte 0x8b
> 
> Code starting with the faulting instruction
> ===========================================
>    0:   48 3d 00 f0 ff ff       cmp    $0xfffffffffffff000,%rax
>    6:   77 31                   ja     0x39
>    8:   44 89 c7                mov    %r8d,%edi
>    b:   48 89 04 24             mov    %rax,(%rsp)
>    f:   e8 bd fe f5 ff          callq  0xfffffffffff5fed1
>   14:   48                      rex.W
>   15:   8b                      .byte 0x8b
> [ 8591.134056] RSP: 002b:00007ffd8aac5a20 EFLAGS: 00000293 ORIG_RAX:
> 0000000000000012
> [ 8591.134828] RAX: ffffffffffffffda RBX: 0000000007340000 RCX:
> 00007f93f6d3cddf
> [ 8591.135648] RDX: 0000000000010000 RSI: 0000000000b63000 RDI:
> 0000000000000003
> [ 8591.136425] RBP: 00000000ffffffff R08: 0000000000000000 R09:
> 0000000000000079
> [ 8591.137179] R10: 0000000007340000 R11: 0000000000000293 R12:
> 0000000007340000
> [ 8591.138020] R13: 0000000000000000 R14: 0000000000000734 R15:
> 0000000018cc0000
> [ 8591.138804]  </TASK>
> [ 8591.138985] Modules limi sysimgblt fb_sys_fops hpilo ipmi_si ipmi_devintf
> ipmi_msghandler sunrpc acpi_power_meter drm fuse xfs libcrc32c sd_mod t10_pi
> crc64_rocksoft_generic crc64_rocksoft
>  crc64 sr_mod cdrom sg crct10dif_pclmul crc32_pclmul crc32c_intel ahci
> ata_generic libahci ghash_clmulni_intel serio_raw libata hpsa tg3
> scsi_transport_sas hpwdt [last unloaded: scsi_debug]
> [ 8591.641707] ---[ end trace 0000000000000000 ]---
> [ 8591.644539] amd_iommu_report_page_fault: 501 callbacks suppressed
> [ 8591.644554] hpilo 0000:02:00.2: AMD-Vi: Event logged [IO_PAGE_FAULT
> domain=0x000d address=0xbde0e000 flags=0x0000]
> [ 8591.650728] hpilo 0000:02:00.2: AMD-Vi: Event logged [IO_PAGE_FAULT
> domain=0x000d address=0xbde0e000 flags=0x0000]
> [ 8591.655235] hpilo 0000:02:00.2: AMD-Vi: Event logged [IO_PAGE_FAULT
> domain=0x000d address=0xbde0e000 flags=0x0000]
> [ 8591.661240] hpilo 0000:02:00.2: AMD-Vi: Event logged [IO_PAGE_FAULT
> domain=0x000d address=0xbde0e000 flags=0x0000]
> [ 8591.666237] hpilo 0000:02:00.2: AMD-Vi: Event logged [IO_PAGE_FAULT
> domain=0x000d address=0xbde0e000 flags=0x0000]
> [ 8591.670741] hpilo 0000:02:00.2: AMD-ViIP: 0010:invalidate_inode_pages2_range
> (mm/truncate.c:669 (discriminator 1)) 
> [ 8591.676251] Code: c0 03 38 d0 7c 08 84 d2 0f 85 aa 06 00 00 41 8b 47 5c 49
> 39 c6 0f 82 80 fe ff ff 48 c7 c6 a0 3b 55 99 4c 89 ff e8 7e 9f 07 00 <0f> 0b e8
> 37 ec fd ff 4c 89 ff e8 9f c3 03 
> 00 84 c0 0f 85 2d 02 00
> All code
> ========
>    0:   c0 03 38                rolb   $0x38,(%rbx)
>    3:   d0 7c 08 84             sarb   -0x7c(%rax,%rcx,1)
>    7:   d2 0f                   rorb   %cl,(%rdi)
>    9:   85 aa 06 00 00 41       test   %ebp,0x41000006(%rdx)
>    f:   8b 47 5c                mov    0x5c(%rdi),%eax
>   12:   49 39 c6                cmp    %rax,%r14
>   15:   0f 82 80 fe ff ff       jb     0xfffffffffffffe9b
>   1b:   48 c7 c6 a0 3b 55 99    mov    $0xffffffff99553ba0,%rsi
>   22:   4c 89 ff                mov    %r15,%rdi
>   25:   e8 7e 9f 07 00          callq  0x79fa8
>   2a:*  0f 0b                   ud2             <-- trapping instruction
>   2c:   e8 37 ec fd ff          callq  0xfffffffffffdec68
>   31:   4c 89 ff                mov    %r15,%rdi
>   34:   e8 9f c3 03 00          callq  0x3c3d8
>   39:   84 c0                   test   %al,%al
>   3b:   0f                      .byte 0xf
>   3c:   85                      .byte 0x85
>   3d:   2d                      .byte 0x2d
>   3e:   02 00                   add    (%rax),%al
> 
> Code starting with the faulting instruction
> ===========================================
>    0:   0f 0b                   ud2    
>    2:   e8 37 ec fd ff          callq  0xfffffffffffdec3e
>    7:   4c 89 ff                mov    %r15,%rdi
>    a:   e8 9f c3 03 00          callq  0x3c3ae
>    f:   84 c0                   test   %al,%al
>   11:   0f                      .byte 0xf
>   12:   85                      .byte 0x85
>   13:   2d                      .byte 0x2d
>   14:   02 00                   add    (%rax),%al
> [ 8591.676261] RSP: 0018:ffffc9000bd976d0 EFLAGS: 00010286
> [ 8591.676273] RAX: 0000000000000043 RBX: dffffc0000000000 RCX:
> 0000000000000000
> [ 8591.676279] RDX: 0000000000000001 RSI: 0000000000000004 RDI:
> fffff520017b2eca
> [ 8591.676287] RBP: 0000000000000000 R08: 0000000000000043 R09:
> ffff8888367efd0b
> [ 8591.676293] R10: ffffed1106cfdfa1 R11: 0000000000000001 R12:
> ffff88825a578418
> [ 8591.676327] R13: 0000000000007340 R14: 000000000000733f R15:
> ffffea000a9e8000
> [ 8591.676336] FS:  00007f93f6f56740(0000) GS:ffff888836600000(0000)
> knlGS:0000000000000000
> [ 8591.676344] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 8591.676350] CR2: 00007f0576919150 CR3: 0000000649990000 CR4:
> 00000000000406e0
> [ 8591.013708] restraintd[1356]: *** Current Time: Fri Jun 10 17:59:44 2022 
> Localwatchdog at: Sun Jun 12 15:40:44 2022
> [-- MARK -- Fri Jun 10 22:00:00 2022]
> 
> -- 
> You may reply to this email to add a comment.
> 
> You are receiving this mail because:
> You are the assignee for the bug.




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux