bisecting cause commit starting from bef7b2a7be28638770972ab2709adf11d601c11a
building syzkaller on 5ed396e666c7826bed46f06c4db1409376691fed
testing commit bef7b2a7be28638770972ab2709adf11d601c11a with gcc (GCC) 8.1.0
kernel signature: f3664f3785e8562642a052807a56f5d36f209da68705847a8f0f2bf99b1e4d66
all runs: crashed: general protection fault in kernel_get_mempolicy
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0
kernel signature: a37b8deb3ba4064fec2ff2a492cfe73e5f24858b1a94f3c1a546ceb3a5f6d094
all runs: OK
# git bisect start bef7b2a7be28638770972ab2709adf11d601c11a 7111951b8d4973bda27ff663f2cf18b663d15b48
Bisecting: 3821 revisions left to test after this (roughly 12 steps)
[29d9f30d4ce6c7a38745a54a8cddface10013490] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
testing commit 29d9f30d4ce6c7a38745a54a8cddface10013490 with gcc (GCC) 8.1.0
kernel signature: 1527f8a28acf83cf4890ff56dcf2df9066937aab55604b8df5bfd02d1939ab0a
all runs: OK
# git bisect good 29d9f30d4ce6c7a38745a54a8cddface10013490
Bisecting: 1948 revisions left to test after this (roughly 11 steps)
[50a5de895dbe5df947b3a695777db5b2c313e065] Merge tag 'for-linus-hmm' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
testing commit 50a5de895dbe5df947b3a695777db5b2c313e065 with gcc (GCC) 8.1.0
kernel signature: 277c40948d11c681626fba93a3fd6bf624065dbbab29d7e519ef246bb21dba4d
all runs: OK
# git bisect good 50a5de895dbe5df947b3a695777db5b2c313e065
Bisecting: 1022 revisions left to test after this (roughly 10 steps)
[bc3b3f4bfbded031a11c4284106adddbfacd05bb] Merge tag 'pinctrl-v5.7-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
testing commit bc3b3f4bfbded031a11c4284106adddbfacd05bb with gcc (GCC) 8.1.0
kernel signature: 63d788a7cafdfba55e0e31d9b754ebe3232630e93f686940ed24cb15c050d48c
all runs: crashed: general protection fault in kernel_get_mempolicy
# git bisect bad bc3b3f4bfbded031a11c4284106adddbfacd05bb
Bisecting: 406 revisions left to test after this (roughly 9 steps)
[6cad420cc695867b4ca710bac21fde21a4102e4b] Merge branch 'akpm' (patches from Andrew)
testing commit 6cad420cc695867b4ca710bac21fde21a4102e4b with gcc (GCC) 8.1.0
kernel signature: 44890fc6490f046ed2c4bc9b005167352ecec330432e7bbe4ac1d18fa6022628
all runs: crashed: general protection fault in kernel_get_mempolicy
# git bisect bad 6cad420cc695867b4ca710bac21fde21a4102e4b
Bisecting: 264 revisions left to test after this (roughly 8 steps)
[7db83c070bd29e73c8bb42d4b48c976be76f1dbe] Merge tag 'vfs-5.7-merge-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
testing commit 7db83c070bd29e73c8bb42d4b48c976be76f1dbe with gcc (GCC) 8.1.0
kernel signature: 132105c7495b3dae0f5a0e8f68ca23a5e4134209e9d8a2dd445def15b319506a
all runs: OK
# git bisect good 7db83c070bd29e73c8bb42d4b48c976be76f1dbe
Bisecting: 132 revisions left to test after this (roughly 7 steps)
[6923aa0d8c629a7853822626877dcb11f4f1d354] mm/compaction: Disable compact_unevictable_allowed on RT
testing commit 6923aa0d8c629a7853822626877dcb11f4f1d354 with gcc (GCC) 8.1.0
kernel signature: de4415dad142226d43f056c7964924b13e15b5b01aeab9f63368d4931e7781a9
all runs: crashed: general protection fault in kernel_get_mempolicy
# git bisect bad 6923aa0d8c629a7853822626877dcb11f4f1d354
Bisecting: 65 revisions left to test after this (roughly 6 steps)
[92d0510c3585970fb26af27f7fd3ba58321523ac] mm: kmem: switch to nr_pages in (__)memcg_kmem_charge_memcg()
testing commit 92d0510c3585970fb26af27f7fd3ba58321523ac with gcc (GCC) 8.1.0
kernel signature: f300343f560e0286f3b0fd13eec10a59f358aa38040aae07dc4c6fc8165308d4
all runs: OK
# git bisect good 92d0510c3585970fb26af27f7fd3ba58321523ac
Bisecting: 32 revisions left to test after this (roughly 5 steps)
[4426e945df588f2878affddf88a51259200f7e29] mm/gup: allow VM_FAULT_RETRY for multiple times
testing commit 4426e945df588f2878affddf88a51259200f7e29 with gcc (GCC) 8.1.0
kernel signature: 45d205a646c3fafe97ad6e80d19f35e3e1bca5ad41c26d7f01204a1211cb56c0
all runs: crashed: general protection fault in kernel_get_mempolicy
# git bisect bad 4426e945df588f2878affddf88a51259200f7e29
Bisecting: 16 revisions left to test after this (roughly 4 steps)
[b44437723cbcb5acd64ed25a4938b95fbb9bfccb] mm/vma: move VM_NO_KHUGEPAGED into generic header
testing commit b44437723cbcb5acd64ed25a4938b95fbb9bfccb with gcc (GCC) 8.1.0
kernel signature: a35cb49cc44d0f7bcb59529e99bbc45145f27a0c61642d74109e093a5ccd6eea
all runs: OK
# git bisect good b44437723cbcb5acd64ed25a4938b95fbb9bfccb
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[24a62cf41f670fcba90dfba4db2a59a22cc830d5] arc/mm: use helper fault_signal_pending()
testing commit 24a62cf41f670fcba90dfba4db2a59a22cc830d5 with gcc (GCC) 8.1.0
kernel signature: 18d2f7d5177ea9046210e3f04b2917f19867ffbf12c35058f8305d54ddb373c4
all runs: OK
# git bisect good 24a62cf41f670fcba90dfba4db2a59a22cc830d5
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[8b9a65fd282c1d2e5b8ba8d8afaf652cde27b5e7] mm: return faster for non-fatal signals in user mode faults
testing commit 8b9a65fd282c1d2e5b8ba8d8afaf652cde27b5e7 with gcc (GCC) 8.1.0
kernel signature: c95371c652c06d9e9b1b531347a261b813b03edd50cbbada0b56f48e97f00ac1
all runs: OK
# git bisect good 8b9a65fd282c1d2e5b8ba8d8afaf652cde27b5e7
Bisecting: 2 revisions left to test after this (roughly 1 step)
[dde1607248328cdb7570e3a252e8fb76b3411d66] mm: introduce FAULT_FLAG_DEFAULT
testing commit dde1607248328cdb7570e3a252e8fb76b3411d66 with gcc (GCC) 8.1.0
kernel signature: 6e5653aa53979777b74041e32526603656753db6ad7c4fa6ce5e3b49f747d099
all runs: OK
# git bisect good dde1607248328cdb7570e3a252e8fb76b3411d66
Bisecting: 0 revisions left to test after this (roughly 1 step)
[4064b982706375025628094e51d11cf1a958a5d3] mm: allow VM_FAULT_RETRY for multiple times
testing commit 4064b982706375025628094e51d11cf1a958a5d3 with gcc (GCC) 8.1.0
kernel signature: f2d0ac5877258fb9f4e6a78859406c9bec2cbd77cad366fecdca6ac12d873599
all runs: OK
# git bisect good 4064b982706375025628094e51d11cf1a958a5d3
4426e945df588f2878affddf88a51259200f7e29 is the first bad commit
commit 4426e945df588f2878affddf88a51259200f7e29
Author: Peter Xu <peterx@redhat.com>
Date:   Wed Apr 1 21:08:49 2020 -0700

    mm/gup: allow VM_FAULT_RETRY for multiple times
    
    This is the gup counterpart of the change that allows the VM_FAULT_RETRY
    to happen for more than once.  One thing to mention is that we must check
    the fatal signal here before retry because the GUP can be interrupted by
    that, otherwise we can loop forever.
    
    Signed-off-by: Peter Xu <peterx@redhat.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Tested-by: Brian Geffon <bgeffon@google.com>
    Cc: Andrea Arcangeli <aarcange@redhat.com>
    Cc: Bobby Powers <bobbypowers@gmail.com>
    Cc: David Hildenbrand <david@redhat.com>
    Cc: Denis Plotnikov <dplotnikov@virtuozzo.com>
    Cc: "Dr . David Alan Gilbert" <dgilbert@redhat.com>
    Cc: Hugh Dickins <hughd@google.com>
    Cc: Jerome Glisse <jglisse@redhat.com>
    Cc: Johannes Weiner <hannes@cmpxchg.org>
    Cc: "Kirill A . Shutemov" <kirill@shutemov.name>
    Cc: Martin Cracauer <cracauer@cons.org>
    Cc: Marty McFadden <mcfadden8@llnl.gov>
    Cc: Matthew Wilcox <willy@infradead.org>
    Cc: Maya Gokhale <gokhale2@llnl.gov>
    Cc: Mel Gorman <mgorman@suse.de>
    Cc: Mike Kravetz <mike.kravetz@oracle.com>
    Cc: Mike Rapoport <rppt@linux.vnet.ibm.com>
    Cc: Pavel Emelyanov <xemul@openvz.org>
    Link: http://lkml.kernel.org/r/20200220195357.16371-1-peterx@redhat.com
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

 mm/gup.c     | 27 +++++++++++++++++++++------
 mm/hugetlb.c |  6 ++++--
 2 files changed, 25 insertions(+), 8 deletions(-)
culprit signature: 45d205a646c3fafe97ad6e80d19f35e3e1bca5ad41c26d7f01204a1211cb56c0
parent  signature: f2d0ac5877258fb9f4e6a78859406c9bec2cbd77cad366fecdca6ac12d873599
revisions tested: 15, total time: 3h43m45.866183023s (build: 1h21m22.031055873s, test: 2h21m30.412458957s)
first bad commit: 4426e945df588f2878affddf88a51259200f7e29 mm/gup: allow VM_FAULT_RETRY for multiple times
cc: ["akpm@linux-foundation.org" "bgeffon@google.com" "peterx@redhat.com" "torvalds@linux-foundation.org"]
crash: general protection fault in kernel_get_mempolicy
general protection fault, probably for non-canonical address 0xdffffc0006eedf84: 0000 [#1] PREEMPT SMP KASAN
KASAN: probably user-memory-access in range [0x000000003776fc20-0x000000003776fc27]
CPU: 0 PID: 14662 Comm: syz-executor.3 Not tainted 5.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:page_to_nid include/linux/mm.h:1245 [inline]
RIP: 0010:lookup_node mm/mempolicy.c:877 [inline]
RIP: 0010:do_get_mempolicy mm/mempolicy.c:941 [inline]
RIP: 0010:kernel_get_mempolicy+0x4d1/0xf10 mm/mempolicy.c:1586
Code: cf 48 89 c1 e8 f0 f6 f3 ff 85 c0 0f 88 10 06 00 00 48 8b 94 24 88 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 d1 48 c1 e9 03 <80> 3c 01 00 0f 85 f6 08 00 00 48 8b 1a 48 83 fb ff 0f 84 bb 06 00
RSP: 0018:ffffc9000206fdb8 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffffc9000206ff58 RCX: 0000000006eedf84
RDX: 000000003776fc22 RSI: dffffc0000000000 RDI: ffff888090e1aa98
RBP: 1ffff9200040dfbc R08: ffffed10121c3469 R09: ffffed10121c3469
R10: ffffed10121c3468 R11: ffff888090e1a347 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff88c60ce0
FS:  00007fb3427a5700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb342762db8 CR3: 00000000a8726000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __do_sys_get_mempolicy mm/mempolicy.c:1604 [inline]
 __se_sys_get_mempolicy mm/mempolicy.c:1600 [inline]
 __x64_sys_get_mempolicy+0xb5/0x150 mm/mempolicy.c:1600
 do_syscall_64+0xc6/0x620 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x45c849
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fb3427a4c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000ef
RAX: ffffffffffffffda RBX: 00007fb3427a56d4 RCX: 000000000045c849
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 000000000076bf00 R08: 0000000000000003 R09: 0000000000000000
R10: 000000002073b000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000000eb R14: 00000000004c371a R15: 000000000076bf0c
Modules linked in:
---[ end trace 5304fe0e5c2a2ad2 ]---
RIP: 0010:page_to_nid include/linux/mm.h:1245 [inline]
RIP: 0010:lookup_node mm/mempolicy.c:877 [inline]
RIP: 0010:do_get_mempolicy mm/mempolicy.c:941 [inline]
RIP: 0010:kernel_get_mempolicy+0x4d1/0xf10 mm/mempolicy.c:1586
Code: cf 48 89 c1 e8 f0 f6 f3 ff 85 c0 0f 88 10 06 00 00 48 8b 94 24 88 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 d1 48 c1 e9 03 <80> 3c 01 00 0f 85 f6 08 00 00 48 8b 1a 48 83 fb ff 0f 84 bb 06 00
RSP: 0018:ffffc9000206fdb8 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffffc9000206ff58 RCX: 0000000006eedf84
RDX: 000000003776fc22 RSI: dffffc0000000000 RDI: ffff888090e1aa98
RBP: 1ffff9200040dfbc R08: ffffed10121c3469 R09: ffffed10121c3469
R10: ffffed10121c3468 R11: ffff888090e1a347 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff88c60ce0
FS:  00007fb3427a5700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd3c59cd58 CR3: 00000000a8726000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400