bisecting cause commit starting from bef7b2a7be28638770972ab2709adf11d601c11a
building syzkaller on 5ed396e666c7826bed46f06c4db1409376691fed
testing commit bef7b2a7be28638770972ab2709adf11d601c11a with gcc (GCC) 8.1.0
kernel signature: 14c60f09fc4e1894fd998795e852728bae052fad8dd59c2c60a013b966db976e
all runs: crashed: general protection fault in kernel_get_mempolicy
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0
kernel signature: 7bc776fc5642009c3f1f48ee755870c4dd8c765c463472e35120a1e047934de0
all runs: OK
# git bisect start bef7b2a7be28638770972ab2709adf11d601c11a 7111951b8d4973bda27ff663f2cf18b663d15b48
Bisecting: 3821 revisions left to test after this (roughly 12 steps)
[29d9f30d4ce6c7a38745a54a8cddface10013490] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
testing commit 29d9f30d4ce6c7a38745a54a8cddface10013490 with gcc (GCC) 8.1.0
kernel signature: d253c44899792e9ca84eada8b79bdf5cc456c76f3055a0c5a4ca74a7edeb4202
all runs: OK
# git bisect good 29d9f30d4ce6c7a38745a54a8cddface10013490
Bisecting: 1948 revisions left to test after this (roughly 11 steps)
[50a5de895dbe5df947b3a695777db5b2c313e065] Merge tag 'for-linus-hmm' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
testing commit 50a5de895dbe5df947b3a695777db5b2c313e065 with gcc (GCC) 8.1.0
kernel signature: 8cefa3f65634045ed533ee00204819950ac906208f13b6da9811b7659c9353b4
all runs: OK
# git bisect good 50a5de895dbe5df947b3a695777db5b2c313e065
Bisecting: 1022 revisions left to test after this (roughly 10 steps)
[bc3b3f4bfbded031a11c4284106adddbfacd05bb] Merge tag 'pinctrl-v5.7-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
testing commit bc3b3f4bfbded031a11c4284106adddbfacd05bb with gcc (GCC) 8.1.0
kernel signature: 4afbccb0317e6bbe7a39229091e8fe14b268ca5f8c51ca97122d40c5e0c00ed3
all runs: crashed: general protection fault in kernel_get_mempolicy
# git bisect bad bc3b3f4bfbded031a11c4284106adddbfacd05bb
Bisecting: 406 revisions left to test after this (roughly 9 steps)
[6cad420cc695867b4ca710bac21fde21a4102e4b] Merge branch 'akpm' (patches from Andrew)
testing commit 6cad420cc695867b4ca710bac21fde21a4102e4b with gcc (GCC) 8.1.0
kernel signature: 175e90cdccae149d7ae68c6a9f11b45c54c25590c642a536da0f0d69a1e13265
all runs: crashed: general protection fault in kernel_get_mempolicy
# git bisect bad 6cad420cc695867b4ca710bac21fde21a4102e4b
Bisecting: 264 revisions left to test after this (roughly 8 steps)
[7db83c070bd29e73c8bb42d4b48c976be76f1dbe] Merge tag 'vfs-5.7-merge-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
testing commit 7db83c070bd29e73c8bb42d4b48c976be76f1dbe with gcc (GCC) 8.1.0
kernel signature: 2ed60c5316541ef2353bb0671c62b75fdb53159f2a8949ac8a04f41ef644bcd0
all runs: OK
# git bisect good 7db83c070bd29e73c8bb42d4b48c976be76f1dbe
Bisecting: 132 revisions left to test after this (roughly 7 steps)
[6923aa0d8c629a7853822626877dcb11f4f1d354] mm/compaction: Disable compact_unevictable_allowed on RT
testing commit 6923aa0d8c629a7853822626877dcb11f4f1d354 with gcc (GCC) 8.1.0
kernel signature: e2bec4ac51ca820d330be5d4e805541581b6ba4853fea7149a1bd654d98ce93e
all runs: crashed: general protection fault in kernel_get_mempolicy
# git bisect bad 6923aa0d8c629a7853822626877dcb11f4f1d354
Bisecting: 65 revisions left to test after this (roughly 6 steps)
[92d0510c3585970fb26af27f7fd3ba58321523ac] mm: kmem: switch to nr_pages in (__)memcg_kmem_charge_memcg()
testing commit 92d0510c3585970fb26af27f7fd3ba58321523ac with gcc (GCC) 8.1.0
kernel signature: b904a149f8bcde61d0366082b1f1f3b764b48f77b4b23db3163685d781b2e0a9
all runs: OK
# git bisect good 92d0510c3585970fb26af27f7fd3ba58321523ac
Bisecting: 32 revisions left to test after this (roughly 5 steps)
[4426e945df588f2878affddf88a51259200f7e29] mm/gup: allow VM_FAULT_RETRY for multiple times
testing commit 4426e945df588f2878affddf88a51259200f7e29 with gcc (GCC) 8.1.0
kernel signature: 6e43d65bcf47eb1a66ed5b8424c2b8ef734d732d62d694f0a3c01380ca10dac8
all runs: crashed: general protection fault in kernel_get_mempolicy
# git bisect bad 4426e945df588f2878affddf88a51259200f7e29
Bisecting: 16 revisions left to test after this (roughly 4 steps)
[b44437723cbcb5acd64ed25a4938b95fbb9bfccb] mm/vma: move VM_NO_KHUGEPAGED into generic header
testing commit b44437723cbcb5acd64ed25a4938b95fbb9bfccb with gcc (GCC) 8.1.0
kernel signature: 774d6a316b6a0667ee2315a186adb5bf570df149756df2931e913bfd42399c04
all runs: OK
# git bisect good b44437723cbcb5acd64ed25a4938b95fbb9bfccb
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[24a62cf41f670fcba90dfba4db2a59a22cc830d5] arc/mm: use helper fault_signal_pending()
testing commit 24a62cf41f670fcba90dfba4db2a59a22cc830d5 with gcc (GCC) 8.1.0
kernel signature: 7f0bb7a1a80545ae5b34b17861ff25b00157c524cb8a500f1c35718912e4db8f
all runs: OK
# git bisect good 24a62cf41f670fcba90dfba4db2a59a22cc830d5
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[8b9a65fd282c1d2e5b8ba8d8afaf652cde27b5e7] mm: return faster for non-fatal signals in user mode faults
testing commit 8b9a65fd282c1d2e5b8ba8d8afaf652cde27b5e7 with gcc (GCC) 8.1.0
kernel signature: 36128920d219507ddf2b74a92dc415d7e69a6614d2d3fad94a57b427e46ce243
all runs: OK
# git bisect good 8b9a65fd282c1d2e5b8ba8d8afaf652cde27b5e7
Bisecting: 2 revisions left to test after this (roughly 1 step)
[dde1607248328cdb7570e3a252e8fb76b3411d66] mm: introduce FAULT_FLAG_DEFAULT
testing commit dde1607248328cdb7570e3a252e8fb76b3411d66 with gcc (GCC) 8.1.0
kernel signature: fc719d51c4e0d472d2fb0dac202e03f845fb5e7a435c94ecc6dd0526229e277d
all runs: OK
# git bisect good dde1607248328cdb7570e3a252e8fb76b3411d66
Bisecting: 0 revisions left to test after this (roughly 1 step)
[4064b982706375025628094e51d11cf1a958a5d3] mm: allow VM_FAULT_RETRY for multiple times
testing commit 4064b982706375025628094e51d11cf1a958a5d3 with gcc (GCC) 8.1.0
kernel signature: 8494e7be2a5030cdd7ea57492f0ef4fdfc84562fdf80f0791f23aaee0e35699c
all runs: OK
# git bisect good 4064b982706375025628094e51d11cf1a958a5d3
4426e945df588f2878affddf88a51259200f7e29 is the first bad commit
commit 4426e945df588f2878affddf88a51259200f7e29
Author: Peter Xu
Date: Wed Apr 1 21:08:49 2020 -0700

    mm/gup: allow VM_FAULT_RETRY for multiple times

    This is the gup counterpart of the change that allows the VM_FAULT_RETRY to happen for more than once. One thing to mention is that we must check the fatal signal here before retry because the GUP can be interrupted by that, otherwise we can loop forever.

    Signed-off-by: Peter Xu
    Signed-off-by: Andrew Morton
    Tested-by: Brian Geffon
    Cc: Andrea Arcangeli
    Cc: Bobby Powers
    Cc: David Hildenbrand
    Cc: Denis Plotnikov
    Cc: "Dr . David Alan Gilbert"
    Cc: Hugh Dickins
    Cc: Jerome Glisse
    Cc: Johannes Weiner
    Cc: "Kirill A . Shutemov"
    Cc: Martin Cracauer
    Cc: Marty McFadden
    Cc: Matthew Wilcox
    Cc: Maya Gokhale
    Cc: Mel Gorman
    Cc: Mike Kravetz
    Cc: Mike Rapoport
    Cc: Pavel Emelyanov
    Link: http://lkml.kernel.org/r/20200220195357.16371-1-peterx@redhat.com
    Signed-off-by: Linus Torvalds

 mm/gup.c | 27 +++++++++++++++++++++------
 mm/hugetlb.c | 6 ++++--
 2 files changed, 25 insertions(+), 8 deletions(-)
culprit signature: 6e43d65bcf47eb1a66ed5b8424c2b8ef734d732d62d694f0a3c01380ca10dac8
parent signature: 8494e7be2a5030cdd7ea57492f0ef4fdfc84562fdf80f0791f23aaee0e35699c
revisions tested: 15, total time: 3h45m24.540122506s (build: 1h21m1.818570428s, test: 2h23m34.498534638s)
first bad commit: 4426e945df588f2878affddf88a51259200f7e29 mm/gup: allow VM_FAULT_RETRY for multiple times
cc: ["akpm@linux-foundation.org" "bgeffon@google.com" "peterx@redhat.com" "torvalds@linux-foundation.org"]
crash: general protection fault in kernel_get_mempolicy
general protection fault, probably for non-canonical address 0xdffffc0002848af3: 0000 [#1] PREEMPT SMP KASAN
KASAN: probably user-memory-access in range [0x0000000014245798-0x000000001424579f]
CPU: 0 PID: 13750 Comm: syz-executor.1 Not tainted 5.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:page_to_nid include/linux/mm.h:1245 [inline]
RIP: 0010:lookup_node mm/mempolicy.c:877 [inline]
RIP: 0010:do_get_mempolicy mm/mempolicy.c:941 [inline]
RIP: 0010:kernel_get_mempolicy+0x4d1/0xf10 mm/mempolicy.c:1586
Code: cf 48 89 c1 e8 f0 f6 f3 ff 85 c0 0f 88 10 06 00 00 48 8b 94 24 88 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 d1 48 c1 e9 03 <80> 3c 01 00 0f 85 f6 08 00 00 48 8b 1a 48 83 fb ff 0f 84 bb 06 00
RSP: 0018:ffffc900080a7db8 EFLAGS: 00010207
RAX: dffffc0000000000 RBX: ffffc900080a7f58 RCX: 0000000002848af3
RDX: 000000001424579e RSI: dffffc0000000000 RDI: ffff888098a98918
RBP: 1ffff92001014fbc R08: ffffed1013153039 R09: ffffed1013153039
R10: ffffed1013153038 R11: ffff888098a981c7 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff88c60ce0
FS: 00007f104a20e700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffdb7a4afb8 CR3: 000000009b7c9000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __do_sys_get_mempolicy mm/mempolicy.c:1604 [inline]
 __se_sys_get_mempolicy mm/mempolicy.c:1600 [inline]
 __x64_sys_get_mempolicy+0xb5/0x150 mm/mempolicy.c:1600
 do_syscall_64+0xc6/0x620 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x45c849
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f104a20dc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000ef
RAX: ffffffffffffffda RBX: 00007f104a20e6d4 RCX: 000000000045c849
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 000000000076bf00 R08: 0000000000000003 R09: 0000000000000000
R10: 000000002073b000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000000eb R14: 00000000004c371a R15: 000000000076bf0c
Modules linked in:
---[ end trace affc57e38105caa9 ]---
RIP: 0010:page_to_nid include/linux/mm.h:1245 [inline]
RIP: 0010:lookup_node mm/mempolicy.c:877 [inline]
RIP: 0010:do_get_mempolicy mm/mempolicy.c:941 [inline]
RIP: 0010:kernel_get_mempolicy+0x4d1/0xf10 mm/mempolicy.c:1586
Code: cf 48 89 c1 e8 f0 f6 f3 ff 85 c0 0f 88 10 06 00 00 48 8b 94 24 88 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 d1 48 c1 e9 03 <80> 3c 01 00 0f 85 f6 08 00 00 48 8b 1a 48 83 fb ff 0f 84 bb 06 00
RSP: 0018:ffffc900080a7db8 EFLAGS: 00010207
RAX: dffffc0000000000 RBX: ffffc900080a7f58 RCX: 0000000002848af3
RDX: 000000001424579e RSI: dffffc0000000000 RDI: ffff888098a98918
RBP: 1ffff92001014fbc R08: ffffed1013153039 R09: ffffed1013153039
R10: ffffed1013153038 R11: ffff888098a981c7 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff88c60ce0
FS: 00007f104a20e700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6dba97c000 CR3: 000000009b7c9000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400