bisecting cause commit starting from dbfe7d74376e187f3c6eaff822e85176bc2cd06e
building syzkaller on 37bccd4ed9e71025cd84e857f9ffca4ec8451c6b
testing commit dbfe7d74376e187f3c6eaff822e85176bc2cd06e with gcc (GCC) 8.1.0
kernel signature: 0321f959b4b46d250186b7d6476b823e6b34a9a185539d60f6d2b72ef931f5ec
all runs: crashed: general protection fault in unpin_user_pages
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0
kernel signature: dfc253e55dfbce1a44128f5e9535ad6a2134be33df7b97932654e44ef3b8c86e
all runs: OK
# git bisect start dbfe7d74376e187f3c6eaff822e85176bc2cd06e 7111951b8d4973bda27ff663f2cf18b663d15b48
Bisecting: 7923 revisions left to test after this (roughly 13 steps)
[6cad420cc695867b4ca710bac21fde21a4102e4b] Merge branch 'akpm' (patches from Andrew)
testing commit 6cad420cc695867b4ca710bac21fde21a4102e4b with gcc (GCC) 8.1.0
kernel signature: cc7a6061ff3aca6909c0fedd8b170053b6bf553f8b7dc27b09cbd18b727e0a4d
all runs: OK
# git bisect good 6cad420cc695867b4ca710bac21fde21a4102e4b
Bisecting: 3961 revisions left to test after this (roughly 12 steps)
[672e24772aeb45293c86f6176520d98b19cd48a1] ipv6: remove redundant assignment to variable err
testing commit 672e24772aeb45293c86f6176520d98b19cd48a1 with gcc (GCC) 8.1.0
kernel signature: da105aca5627962859db0672f58868ec768553c294e37989a2187359f8b02a32
all runs: OK
# git bisect good 672e24772aeb45293c86f6176520d98b19cd48a1
Bisecting: 1980 revisions left to test after this (roughly 11 steps)
[c6168161f693e6d26cdcce891f99399f1432ac80] net/mlx5: Add support for release all pages event
testing commit c6168161f693e6d26cdcce891f99399f1432ac80 with gcc (GCC) 8.1.0
kernel signature: d9b7afbbd205c3290eaa79527ffc635bf2a07a634131c3baec47f8305fe6bf97
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: boot failed: can't ssh into the instance
# git bisect good c6168161f693e6d26cdcce891f99399f1432ac80
Bisecting: 1028 revisions left to test after this (roughly 10 steps)
[3031a86ebd3f9c818486dd7433f121c27ef23188] Merge branch 'Add-QRTR-MHI-client-driver'
testing commit 3031a86ebd3f9c818486dd7433f121c27ef23188 with gcc (GCC) 8.1.0
kernel signature: fa0637c82393daf927bacd1c9dacb87df2ab7df44ebf75eadd2498cf25125380
all runs: OK
# git bisect good 3031a86ebd3f9c818486dd7433f121c27ef23188
Bisecting: 507 revisions left to test after this (roughly 9 steps)
[d00f26b623333f2419f4c3b95ff11c8b1bb96f56] Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
testing commit d00f26b623333f2419f4c3b95ff11c8b1bb96f56 with gcc (GCC) 8.1.0
kernel signature: 9760de891df7833a62277da487381afa0ffa3512cb8951dea18e18cafe766347
all runs: OK
# git bisect good d00f26b623333f2419f4c3b95ff11c8b1bb96f56
Bisecting: 259 revisions left to test after this (roughly 8 steps)
[1ae7efb388540adc1653a51a3bc3b2c9cef5ec1a] Merge tag 'mmc-v5.7-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc
testing commit 1ae7efb388540adc1653a51a3bc3b2c9cef5ec1a with gcc (GCC) 8.1.0
kernel signature: 9f27ff981a1273c35056e3b6beaebfcaa717596217f44d93ee9be4b6d13d8223
all runs: OK
# git bisect good 1ae7efb388540adc1653a51a3bc3b2c9cef5ec1a
Bisecting: 99 revisions left to test after this (roughly 7 steps)
[f85c1598ddfe83f61d0656bd1d2025fa3b148b99] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
testing commit f85c1598ddfe83f61d0656bd1d2025fa3b148b99 with gcc (GCC) 8.1.0
kernel signature: ec45542843f0b8c0ed99e2d3ce19798ee990d435f4774d2793461c87a02f9070
all runs: OK
# git bisect good f85c1598ddfe83f61d0656bd1d2025fa3b148b99
Bisecting: 49 revisions left to test after this (roughly 6 steps)
[5148e5950c675a26ab1f5eb4b291e9bd986116c9] cxgb4: add EOTID tracking and software context dump
testing commit 5148e5950c675a26ab1f5eb4b291e9bd986116c9 with gcc (GCC) 8.1.0
kernel signature: d0c26a31b49995fadfff23aa56f7edbe5b1235947b973835d3a97bdd9c588468
all runs: OK
# git bisect good 5148e5950c675a26ab1f5eb4b291e9bd986116c9
Bisecting: 24 revisions left to test after this (roughly 5 steps)
[a0c1d0eafd1ef1ada3b588ea205e5bc37ae0d8d9] mptcp: Use 32-bit DATA_ACK when possible
testing commit a0c1d0eafd1ef1ada3b588ea205e5bc37ae0d8d9 with gcc (GCC) 8.1.0
kernel signature: 4cf67dd5f44fe2ffade537a09fe7e05384e7cb74a21d8c41bb18262dd7c68cd6
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: boot failed: can't ssh into the instance
# git bisect good a0c1d0eafd1ef1ada3b588ea205e5bc37ae0d8d9
Bisecting: 12 revisions left to test after this (roughly 4 steps)
[d53b1162d72a24c8bd2b03116d83070b4e770eaa] Merge branch 'mlxsw-Reorganize-trap-data'
testing commit d53b1162d72a24c8bd2b03116d83070b4e770eaa with gcc (GCC) 8.1.0
kernel signature: a79e89ccc96e39a4cf95a9e4599d0e09f72907b3438e14ce3ac6a834078df040
all runs: OK
# git bisect good d53b1162d72a24c8bd2b03116d83070b4e770eaa
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[fb529e62d3f3e85001108213dc323c35f2765575] mptcp: break and restart in case mptcp sndbuf is full
testing commit fb529e62d3f3e85001108213dc323c35f2765575 with gcc (GCC) 8.1.0
kernel signature: 1debe5471a5911de2a3baaf00c97f4f897e0d05f899195af8623000b0039023c
all runs: OK
# git bisect good fb529e62d3f3e85001108213dc323c35f2765575
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[17091708d1e503383f20934631305ccb375b0eb1] mptcp: fill skb page frag cache outside of mptcp_sendmsg_frag
testing commit 17091708d1e503383f20934631305ccb375b0eb1 with gcc (GCC) 8.1.0
kernel signature: 0a30f9832bcb4930ecb4a26a343fe4bf72671bae31c29ed8d1b9042c8e32c4bd
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: boot failed: can't ssh into the instance
# git bisect good 17091708d1e503383f20934631305ccb375b0eb1
Bisecting: 1 revision left to test after this (roughly 1 step)
[4930f4831b1547b52c5968e9307fe3d840d7fba0] net: allow __skb_ext_alloc to sleep
testing commit 4930f4831b1547b52c5968e9307fe3d840d7fba0 with gcc (GCC) 8.1.0
kernel signature: b9ded62cfbdc7ff7e0ff67cba8634aa888e1cb157d20ecb236064f0e56fd6b72
all runs: OK
# git bisect good 4930f4831b1547b52c5968e9307fe3d840d7fba0
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[9740a7ae6d5208897bf3ef49e8595dc4cfd323ee] Merge branch 'mptcp-do-not-block-on-subflow-socket'
testing commit 9740a7ae6d5208897bf3ef49e8595dc4cfd323ee with gcc (GCC) 8.1.0
kernel signature: 5c2ff47d6f6d440c26fe2e87c282bf9ff6eedbb0c5b332c3480dda7d007eab06
all runs: OK
# git bisect good 9740a7ae6d5208897bf3ef49e8595dc4cfd323ee
dbfe7d74376e187f3c6eaff822e85176bc2cd06e is the first bad commit
commit dbfe7d74376e187f3c6eaff822e85176bc2cd06e
Author: John Hubbard <jhubbard@nvidia.com>
Date:   Sat May 16 18:23:36 2020 -0700

    rds: convert get_user_pages() --> pin_user_pages()
    
    This code was using get_user_pages_fast(), in a "Case 2" scenario
    (DMA/RDMA), using the categorization from [1]. That means that it's
    time to convert the get_user_pages_fast() + put_page() calls to
    pin_user_pages_fast() + unpin_user_pages() calls.
    
    There is some helpful background in [2]: basically, this is a small
    part of fixing a long-standing disconnect between pinning pages, and
    file systems' use of those pages.
    
    [1] Documentation/core-api/pin_user_pages.rst
    
    [2] "Explicit pinning of user-space pages":
        https://lwn.net/Articles/807108/
    
    Cc: David S. Miller <davem@davemloft.net>
    Cc: Jakub Kicinski <kuba@kernel.org>
    Cc: netdev@vger.kernel.org
    Cc: linux-rdma@vger.kernel.org
    Cc: rds-devel@oss.oracle.com
    Signed-off-by: John Hubbard <jhubbard@nvidia.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

 net/rds/info.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
culprit signature: 0321f959b4b46d250186b7d6476b823e6b34a9a185539d60f6d2b72ef931f5ec
parent  signature: 5c2ff47d6f6d440c26fe2e87c282bf9ff6eedbb0c5b332c3480dda7d007eab06
revisions tested: 16, total time: 4h11m24.366411006s (build: 1h33m29.708058244s, test: 2h36m45.060264391s)
first bad commit: dbfe7d74376e187f3c6eaff822e85176bc2cd06e rds: convert get_user_pages() --> pin_user_pages()
cc: ["davem@davemloft.net" "jhubbard@nvidia.com" "kuba@kernel.org" "linux-kernel@vger.kernel.org" "linux-rdma@vger.kernel.org" "netdev@vger.kernel.org" "rds-devel@oss.oracle.com" "santosh.shilimkar@oracle.com"]
crash: general protection fault in unpin_user_pages
Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f438a5a1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
RAX: ffffffffffffffda RBX: 00000000004dd500 RCX: 000000000045ca29
RDX: 0000000000002710 RSI: 0000200000000114 RDI: 0000000000000003
RBP: 000000000078bf00 R08: 0000000020000000 R09: 0000000000000000
R10: 0000000020c35fff R11: 0000000000000246 R12: 0000000000000004
R13: 000000000000011b R14: 00000000004c3bbc R15: 00007f438a5a26d4
general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 0 PID: 8452 Comm: syz-executor.0 Not tainted 5.7.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:unpin_user_pages+0x24/0x60 mm/gup.c:338
Code: 84 00 00 00 00 00 48 85 f6 74 42 41 55 49 bd 00 00 00 00 00 fc ff df 41 54 49 89 f4 55 31 ed 53 48 89 fb 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 75 1d 48 8b 3b 48 83 c5 01 48 83 c3 08 e8 35 fa ff
RSP: 0018:ffffc900047e7cf8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: dffffc0000000000 RSI: 0000000000000011 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffed1015d07164 R09: ffffed1015d07164
R10: ffff8880ae838b1b R11: ffffed1015d07163 R12: 0000000000000011
R13: dffffc0000000000 R14: 0000000000000011 R15: 000000000000f002
FS:  00007f438a5a2700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005634d0c2a9c0 CR3: 00000000a251d000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 rds_info_getsockopt+0x1fc/0x330 net/rds/info.c:237
 __sys_getsockopt+0x114/0x280 net/socket.c:2172
 __do_sys_getsockopt net/socket.c:2187 [inline]
 __se_sys_getsockopt net/socket.c:2184 [inline]
 __x64_sys_getsockopt+0xb5/0x150 net/socket.c:2184
 do_syscall_64+0xc6/0x620 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x45ca29
Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f438a5a1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
RAX: ffffffffffffffda RBX: 00000000004dd500 RCX: 000000000045ca29
RDX: 0000000000002710 RSI: 0000200000000114 RDI: 0000000000000003
RBP: 000000000078bf00 R08: 0000000020000000 R09: 0000000000000000
R10: 0000000020c35fff R11: 0000000000000246 R12: 0000000000000004
R13: 000000000000011b R14: 00000000004c3bbc R15: 00007f438a5a26d4
Modules linked in:
---[ end trace b1c3109b1ad44402 ]---
RIP: 0010:unpin_user_pages+0x24/0x60 mm/gup.c:338
Code: 84 00 00 00 00 00 48 85 f6 74 42 41 55 49 bd 00 00 00 00 00 fc ff df 41 54 49 89 f4 55 31 ed 53 48 89 fb 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 75 1d 48 8b 3b 48 83 c5 01 48 83 c3 08 e8 35 fa ff
RSP: 0018:ffffc900047e7cf8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: dffffc0000000000 RSI: 0000000000000011 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffed1015d07164 R09: ffffed1015d07164
R10: ffff8880ae838b1b R11: ffffed1015d07163 R12: 0000000000000011
R13: dffffc0000000000 R14: 0000000000000011 R15: 000000000000f002
FS:  00007f438a5a2700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005634d0c2a9c0 CR3: 00000000a251d000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400