ci starts bisection 2022-10-07 18:22:19.124143431 +0000 UTC m=+6204.926937753
bisecting cause commit starting from 511cce163b75bc3933fa3de769a82bb7e8663f2b
building syzkaller on 1d385642c6e7ff09f8689d6e0d70b07cc40af05d
ensuring issue is reproducible on original commit 511cce163b75bc3933fa3de769a82bb7e8663f2b

testing commit 511cce163b75bc3933fa3de769a82bb7e8663f2b gcc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d390cf30b42609804660df7c174f5aeaccfb7e75284a48e57ef276024023c9d7
all runs: crashed: WARNING in change_pte_range
testing release v5.19
testing commit 3d7cb6b04c3f3115719235cc6866b10326de34cd gcc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f0fb2cf40f9b91dff25db88bf34181e5c703b4c6345f3b0eb713852f95b6759a
all runs: crashed: WARNING in change_pte_range
testing release v5.18
testing commit 4b0986a3613c92f4ec1bdc7f60ec66fea135991f gcc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: cf708344313df8b87dddb58d2ac0d8c3c70da077d069d9a58716a8e9a28a8ae4
all runs: OK
# git bisect start 3d7cb6b04c3f3115719235cc6866b10326de34cd 4b0986a3613c92f4ec1bdc7f60ec66fea135991f
Bisecting: 8493 revisions left to test after this (roughly 13 steps)
[c011dd537ffe47462051930413fed07dbdc80313] Merge tag 'arm-soc-5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

testing commit c011dd537ffe47462051930413fed07dbdc80313 gcc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3a0d3abc872a1baff7670dc202372762da401a8014d846bc19b3a7e1bca95fc0
all runs: OK
# git bisect good c011dd537ffe47462051930413fed07dbdc80313
Bisecting: 4244 revisions left to test after this (roughly 12 steps)
[5d4af9c1f04ab0411ba5818baad9a68e87f33099] Merge branch 'mv88e6xxx-fixes-for-reading-serdes-state'

testing commit 5d4af9c1f04ab0411ba5818baad9a68e87f33099 gcc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 4343a07ca2028143a468c86abcef4c2d5d96d117ad5ac03493c77578ea754dbd
all runs: crashed: WARNING in change_pte_range
# git bisect bad 5d4af9c1f04ab0411ba5818baad9a68e87f33099
Bisecting: 2116 revisions left to test after this (roughly 11 steps)
[7e284070abe53d448517b80493863595af4ab5f0] Merge tag 'for-5.19/dm-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm

testing commit 7e284070abe53d448517b80493863595af4ab5f0 gcc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 596c450e5c7f93c4dbc922264c99ffe125feae471aaa2da6657df00314412f66
all runs: crashed: WARNING in change_pte_range
# git bisect bad 7e284070abe53d448517b80493863595af4ab5f0
Bisecting: 1057 revisions left to test after this (roughly 10 steps)
[a0439cf4eca05fe562f19ece4b6761852d911adb] Merge tag 'arm-defconfig-5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

testing commit a0439cf4eca05fe562f19ece4b6761852d911adb gcc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 16d61e0e0535194f7e32647e29c558804300158e1d886773de4be9d98fac17a7
all runs: OK
# git bisect good a0439cf4eca05fe562f19ece4b6761852d911adb
Bisecting: 536 revisions left to test after this (roughly 9 steps)
[98931dd95fd489fcbfa97da563505a6f071d7c77] Merge tag 'mm-stable-2022-05-25' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

testing commit 98931dd95fd489fcbfa97da563505a6f071d7c77 gcc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9c91638763597c5b63e584c84acd085edf938f46feb41a4887bb0f4b14c002c2
all runs: crashed: WARNING in change_pte_range
# git bisect bad 98931dd95fd489fcbfa97da563505a6f071d7c77
Bisecting: 260 revisions left to test after this (roughly 8 steps)
[54943a1a4d2a3fed23d31e96a91aa9d18ea74500] mm/shmem: remove duplicate include in memory.c

testing commit 54943a1a4d2a3fed23d31e96a91aa9d18ea74500 gcc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 6806f4af8b57c76596ed2ec308f59131be7c41839d1e9fad4e4205398f204eba
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe
run #1: crashed: WARNING in change_pte_range
run #2: crashed: WARNING in change_pte_range
run #3: crashed: WARNING in change_pte_range
run #4: crashed: WARNING in change_pte_range
run #5: crashed: WARNING in change_pte_range
run #6: crashed: WARNING in change_pte_range
run #7: crashed: WARNING in change_pte_range
run #8: crashed: WARNING in change_pte_range
run #9: crashed: WARNING in change_pte_range
# git bisect bad 54943a1a4d2a3fed23d31e96a91aa9d18ea74500
Bisecting: 129 revisions left to test after this (roughly 7 steps)
[eae3cb2e87ff84547e66211b81301a8f9122840f] selftests: cgroup: add a selftest for memory.reclaim

testing commit eae3cb2e87ff84547e66211b81301a8f9122840f gcc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 7a81712fc686431016dfcdfa24617ec19b8afb3e575bcca99379f475f92d9a48
all runs: OK
# git bisect good eae3cb2e87ff84547e66211b81301a8f9122840f
Bisecting: 64 revisions left to test after this (roughly 6 steps)
[b304c6f0d39d927a87e72a8ac6c89b96ac25f355] mm/swapops: make is_pmd_migration_entry more strict

testing commit b304c6f0d39d927a87e72a8ac6c89b96ac25f355 gcc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 31de14a8952dd8934ad0504200cf11c944b49b3b7be64177d5504da2fc1ea33a
all runs: OK
# git bisect good b304c6f0d39d927a87e72a8ac6c89b96ac25f355
Bisecting: 32 revisions left to test after this (roughly 5 steps)
[c64e912c865a1a0df1c312bca946985eb095afa5] mm/hugetlb: handle pte markers in page faults

testing commit c64e912c865a1a0df1c312bca946985eb095afa5 gcc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b3d881c8f33f2edcb6c99434d639e320d0a62ca4434890a9667aef8cc159b176
all runs: OK
# git bisect good c64e912c865a1a0df1c312bca946985eb095afa5
Bisecting: 16 revisions left to test after this (roughly 4 steps)
[b48d8a8e5ce53e3114a1ffe96563e3555b51d40b] mm: page_isolation: move has_unmovable_pages() to mm/page_isolation.c

testing commit b48d8a8e5ce53e3114a1ffe96563e3555b51d40b gcc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 7bd60c8d2a28ab1ef6982647702c16d09d9746081588795ff925a13d3b507f45
all runs: crashed: WARNING in change_pte_range
# git bisect bad b48d8a8e5ce53e3114a1ffe96563e3555b51d40b
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[c0eeeb02d9df878c71a457008900b650d94bd0d9] selftests/uffd: enable uffd-wp for shmem/hugetlbfs

testing commit c0eeeb02d9df878c71a457008900b650d94bd0d9 gcc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 99bd77a5ca8ab5c5cb0937f6b09d476f535f8c5fe81c0ac4c89153e5a476b20c
all runs: crashed: WARNING in change_pte_range
# git bisect bad c0eeeb02d9df878c71a457008900b650d94bd0d9
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[deb4c93a9871082a7df6a99ca8fa48024665a71a] mm/khugepaged: don't recycle vma pgtable if uffd-wp registered

testing commit deb4c93a9871082a7df6a99ca8fa48024665a71a gcc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 36a029306bff1dee4c5c0df1b8c718ba2df21807e6132a4807327589f76578e9
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good deb4c93a9871082a7df6a99ca8fa48024665a71a
Bisecting: 1 revision left to test after this (roughly 1 step)
[b1f9e876862d8f7176299ec4fb2108bc1045cbc8] mm/uffd: enable write protection for shmem & hugetlbfs

testing commit b1f9e876862d8f7176299ec4fb2108bc1045cbc8 gcc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2f0200ff51b87be90874e9eefa61b56a63f8fd2533c6c691e377c70ee9597aae
all runs: crashed: WARNING in change_pte_range
# git bisect bad b1f9e876862d8f7176299ec4fb2108bc1045cbc8
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[8e165e733bfa06edbcdbe491ef13b2bf1a3fa883] mm/pagemap: recognize uffd-wp bit for shmem/hugetlbfs

testing commit 8e165e733bfa06edbcdbe491ef13b2bf1a3fa883 gcc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5194bd3618b4e410cc3ccacfa40fc0824865de2903531c7cec955364525f9553
all runs: OK
# git bisect good 8e165e733bfa06edbcdbe491ef13b2bf1a3fa883
b1f9e876862d8f7176299ec4fb2108bc1045cbc8 is the first bad commit
commit b1f9e876862d8f7176299ec4fb2108bc1045cbc8
Author: Peter Xu <peterx@redhat.com>
Date:   Thu May 12 20:22:56 2022 -0700

    mm/uffd: enable write protection for shmem & hugetlbfs
    
    We've had all the necessary changes ready for both shmem and hugetlbfs.
    Turn on all the shmem/hugetlbfs switches for userfaultfd-wp.
    
    We can expand UFFD_API_RANGE_IOCTLS_BASIC with _UFFDIO_WRITEPROTECT too
    because all existing types now support write protection mode.
    
    Since vma_can_userfault() will be used elsewhere, move into userfaultfd_k.h.
    
    Link: https://lkml.kernel.org/r/20220405014926.15101-1-peterx@redhat.com
    Signed-off-by: Peter Xu <peterx@redhat.com>
    Cc: Alistair Popple <apopple@nvidia.com>
    Cc: Andrea Arcangeli <aarcange@redhat.com>
    Cc: Axel Rasmussen <axelrasmussen@google.com>
    Cc: David Hildenbrand <david@redhat.com>
    Cc: Hugh Dickins <hughd@google.com>
    Cc: Jerome Glisse <jglisse@redhat.com>
    Cc: "Kirill A . Shutemov" <kirill@shutemov.name>
    Cc: Matthew Wilcox <willy@infradead.org>
    Cc: Mike Kravetz <mike.kravetz@oracle.com>
    Cc: Mike Rapoport <rppt@linux.vnet.ibm.com>
    Cc: Nadav Amit <nadav.amit@gmail.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

 fs/userfaultfd.c                 | 21 +++------------------
 include/linux/userfaultfd_k.h    | 20 ++++++++++++++++++++
 include/uapi/linux/userfaultfd.h | 10 ++++++++--
 mm/userfaultfd.c                 |  9 +++------
 4 files changed, 34 insertions(+), 26 deletions(-)

culprit signature: 2f0200ff51b87be90874e9eefa61b56a63f8fd2533c6c691e377c70ee9597aae
parent  signature: 5194bd3618b4e410cc3ccacfa40fc0824865de2903531c7cec955364525f9553
revisions tested: 17, total time: 3h45m6.499026494s (build: 1h58m58.541126566s, test: 1h43m59.53952163s)
first bad commit: b1f9e876862d8f7176299ec4fb2108bc1045cbc8 mm/uffd: enable write protection for shmem & hugetlbfs
recipients (to): ["akpm@linux-foundation.org" "akpm@linux-foundation.org" "linux-mm@kvack.org" "peterx@redhat.com"]
recipients (cc): ["david@redhat.com" "jack@suse.cz" "linux-fsdevel@vger.kernel.org" "linux-kernel@vger.kernel.org" "namit@vmware.com" "peterx@redhat.com" "rppt@kernel.org" "viro@zeniv.linux.org.uk"]
crash: WARNING in change_pte_range
------------[ cut here ]------------
WARNING: CPU: 1 PID: 4164 at include/linux/swapops.h:309 change_pte_range+0x940/0x1280 mm/mprotect.c:224
Modules linked in:
CPU: 1 PID: 4164 Comm: syz-executor.0 Not tainted 5.18.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
RIP: 0010:make_pte_marker_entry include/linux/swapops.h:309 [inline]
RIP: 0010:make_pte_marker include/linux/swapops.h:332 [inline]
RIP: 0010:change_pte_range+0x940/0x1280 mm/mprotect.c:232
Code: ff ff 4c 8b bc 24 a0 00 00 00 4c 89 f8 48 c1 e8 03 42 80 3c 30 00 74 08 4c 89 ff e8 ca 7b 0d 00 49 83 3f 00 0f 84 50 fa ff ff <0f> 0b 48 8d bc 24 e0 00 00 00 49 89 ff 49 c1 ef 03 43 80 3c 37 00
RSP: 0018:ffffc90002dbf5a0 EFLAGS: 00010282
RAX: 1ffff110047a0a54 RBX: ffff8880702ce1e8 RCX: ffffc90002dbf9b8
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff8880796a0d00
RBP: ffffc90002dbf728 R08: dffffc0000000000 R09: ffffed100f2d41a1
R10: ffffed100f2d41a1 R11: 1ffff1100f2d41a0 R12: 000000002063d000
R13: ffff8880702ce1e8 R14: dffffc0000000000 R15: ffff888023d052a0
FS:  00007fb64f8dd700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000000 CR3: 0000000023dac000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 change_pmd_range mm/mprotect.c:370 [inline]
 change_pud_range mm/mprotect.c:399 [inline]
 change_p4d_range mm/mprotect.c:420 [inline]
 change_protection_range mm/mprotect.c:444 [inline]
 change_protection+0x4a1/0xca0 mm/mprotect.c:466
 mwriteprotect_range+0x369/0x440 mm/userfaultfd.c:756
 userfaultfd_writeprotect fs/userfaultfd.c:1821 [inline]
 userfaultfd_ioctl+0x95b/0x2850 fs/userfaultfd.c:1995
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl+0xa7/0xf0 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fb64e68a5a9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb64f8dd168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fb64e7abf80 RCX: 00007fb64e68a5a9
RDX: 00000000200000c0 RSI: 00000000c018aa06 RDI: 0000000000000003
RBP: 00007fb64e6e5580 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffff0e9148f R14: 00007fb64f8dd300 R15: 0000000000022000
 </TASK>