bisecting cause commit starting from 0d8b3265d9a6376b416b3ba86f758a5c6a85a6df
building syzkaller on c85e1c5be98819e885698b690ac15a8d05ae38a6
testing commit 0d8b3265d9a6376b416b3ba86f758a5c6a85a6df with gcc (GCC) 8.1.0
all runs: crashed: kernel BUG at mm/vmscan.c:LINE!
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0
all runs: OK
# git bisect start 0d8b3265d9a6376b416b3ba86f758a5c6a85a6df v5.2
Bisecting: 8460 revisions left to test after this (roughly 13 steps)
[db9a0975a20c1f21c108b9d44545792d790593e4] docs: ia64: convert to ReST
testing commit db9a0975a20c1f21c108b9d44545792d790593e4 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good db9a0975a20c1f21c108b9d44545792d790593e4
Bisecting: 4461 revisions left to test after this (roughly 12 steps)
[8362fd64f07eaef7155c94fca8dee91c4f99a666] Merge tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit 8362fd64f07eaef7155c94fca8dee91c4f99a666 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 8362fd64f07eaef7155c94fca8dee91c4f99a666
Bisecting: 2251 revisions left to test after this (roughly 11 steps)
[01ae71ed4744e0325339c53419b46e74091c38ec] Merge remote-tracking branch 'jc_docs/docs-next'
testing commit 01ae71ed4744e0325339c53419b46e74091c38ec with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 01ae71ed4744e0325339c53419b46e74091c38ec
Bisecting: 1132 revisions left to test after this (roughly 10 steps)
[5a7c7f492ea6437126d634073ae9895209b52893] Merge remote-tracking branch 'drm-tegra/drm/tegra/for-next'
testing commit 5a7c7f492ea6437126d634073ae9895209b52893 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 5a7c7f492ea6437126d634073ae9895209b52893
Bisecting: 565 revisions left to test after this (roughly 9 steps)
[177ecd6ec1720982de9cdd8b086cd5a13067a0f5] Merge remote-tracking branch 'devicetree/for-next'
testing commit 177ecd6ec1720982de9cdd8b086cd5a13067a0f5 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 177ecd6ec1720982de9cdd8b086cd5a13067a0f5
Bisecting: 277 revisions left to test after this (roughly 8 steps)
[6caba01aedcffb4f3a2498864a6ba1a5da2883bf] Merge remote-tracking branch 'staging/staging-next'
testing commit 6caba01aedcffb4f3a2498864a6ba1a5da2883bf with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 6caba01aedcffb4f3a2498864a6ba1a5da2883bf
Bisecting: 131 revisions left to test after this (roughly 7 steps)
[279302d24c6f9d7fe39061ebaf4fe4b94bcb4422] Merge remote-tracking branch 'kspp-gustavo/for-next/kspp'
testing commit 279302d24c6f9d7fe39061ebaf4fe4b94bcb4422 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 279302d24c6f9d7fe39061ebaf4fe4b94bcb4422
Bisecting: 65 revisions left to test after this (roughly 6 steps)
[4bae59a5841df5a2b7d8e79bf113e21e14b14288] mm/sparse.c: fix ALIGN() without power of 2 in sparse_buffer_alloc()
testing commit 4bae59a5841df5a2b7d8e79bf113e21e14b14288 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 4bae59a5841df5a2b7d8e79bf113e21e14b14288
Bisecting: 32 revisions left to test after this (roughly 5 steps)
[30f9baf9f90f36a48c69dbc071c913800b0baab1] kernel/hung_task.c: Monitor killed tasks.
testing commit 30f9baf9f90f36a48c69dbc071c913800b0baab1 with gcc (GCC) 8.1.0
all runs: crashed: kernel BUG at mm/vmscan.c:LINE!
# git bisect bad 30f9baf9f90f36a48c69dbc071c913800b0baab1
Bisecting: 16 revisions left to test after this (roughly 4 steps)
[1bff4d66e7fda613609443f8e49366a9a286d7a5] psi: annotate refault stalls from IO submission
testing commit 1bff4d66e7fda613609443f8e49366a9a286d7a5 with gcc (GCC) 8.1.0
fs/f2fs/data.c:1726:5: error: implicit declaration of function ‘psi_memstall_enter’; did you mean ‘vtime_guest_enter’? [-Werror=implicit-function-declaration]
# git bisect skip 1bff4d66e7fda613609443f8e49366a9a286d7a5
Bisecting: 16 revisions left to test after this (roughly 4 steps)
[06a833a1167e9cbb43a9a4317ec24585c6ec85cb] mm: introduce MADV_PAGEOUT
testing commit 06a833a1167e9cbb43a9a4317ec24585c6ec85cb with gcc (GCC) 8.1.0
all runs: crashed: kernel BUG at mm/vmscan.c:LINE!
# git bisect bad 06a833a1167e9cbb43a9a4317ec24585c6ec85cb
Bisecting: 10 revisions left to test after this (roughly 4 steps)
[f440bf9ae5a98d196d36a90b3237956d82d3dd04] mm-oom_killer-add-task-uid-to-info-message-on-an-oom-kill-fix
testing commit f440bf9ae5a98d196d36a90b3237956d82d3dd04 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good f440bf9ae5a98d196d36a90b3237956d82d3dd04
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[86c9f55e21cd30f23751ae065a5dd8923f7532c7] psi-annotate-refault-stalls-from-io-submission-fix
testing commit 86c9f55e21cd30f23751ae065a5dd8923f7532c7 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 86c9f55e21cd30f23751ae065a5dd8923f7532c7
Bisecting: 1 revision left to test after this (roughly 1 step)
[025e24e9f97ca8dc7d58416074681b801c1ea7f6] mm: change PAGEREF_RECLAIM_CLEAN with PAGE_REFRECLAIM
testing commit 025e24e9f97ca8dc7d58416074681b801c1ea7f6 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 025e24e9f97ca8dc7d58416074681b801c1ea7f6
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[9855b9d289186e49292917b0b5461552c24da83d] mm: account nr_isolated_xxx in [isolate|putback]_lru_page
testing commit 9855b9d289186e49292917b0b5461552c24da83d with gcc (GCC) 8.1.0
run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor911666017" "root@10.128.15.205:./syz-executor911666017"]: exit status 1
ssh: connect to host 10.128.15.205 port 22: Connection timed out
lost connection

run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 9855b9d289186e49292917b0b5461552c24da83d
06a833a1167e9cbb43a9a4317ec24585c6ec85cb is the first bad commit
commit 06a833a1167e9cbb43a9a4317ec24585c6ec85cb
Author: Minchan Kim <minchan@kernel.org>
Date:   Sat Jul 27 15:12:38 2019 +1000

    mm: introduce MADV_PAGEOUT
    
    When a process expects no accesses to a certain memory range for a long
    time, it could hint kernel that the pages can be reclaimed instantly but
    data should be preserved for future use.  This could reduce workingset
    eviction so it ends up increasing performance.
    
    This patch introduces the new MADV_PAGEOUT hint to madvise(2) syscall.
    MADV_PAGEOUT can be used by a process to mark a memory range as not
    expected to be used for a long time so that kernel reclaims *any LRU*
    pages instantly.  The hint can help kernel in deciding which pages to
    evict proactively.
    
    A note: It doesn't apply SWAP_CLUSTER_MAX LRU page isolation limit
    intentionally because it's automatically bounded by PMD size.  If PMD
    size(e.g., 256) makes some trouble, we could fix it later by limit it to
    SWAP_CLUSTER_MAX[1].
    
    - man-page material
    
    MADV_PAGEOUT (since Linux x.x)
    
    Do not expect access in the near future so pages in the specified
    regions could be reclaimed instantly regardless of memory pressure.
    Thus, access in the range after successful operation could cause
    major page fault but never lose the up-to-date contents unlike
    MADV_DONTNEED. Pages belonging to a shared mapping are only processed
    if a write access is allowed for the calling process.
    
    MADV_PAGEOUT cannot be applied to locked pages, Huge TLB pages, or
    VM_PFNMAP pages.
    
    [1] https://lore.kernel.org/lkml/20190710194719.GS29695@dhcp22.suse.cz/
    
    Link: http://lkml.kernel.org/r/20190726023435.214162-5-minchan@kernel.org
    Signed-off-by: Minchan Kim <minchan@kernel.org>
    Reported-by: kbuild test robot <lkp@intel.com>
    Acked-by: Michal Hocko <mhocko@suse.com>
    Cc: James E.J. Bottomley <James.Bottomley@HansenPartnership.com>
    Cc: Richard Henderson <rth@twiddle.net>
    Cc: Ralf Baechle <ralf@linux-mips.org>
    Cc: Chris Zankel <chris@zankel.net>
    Cc: Daniel Colascione <dancol@google.com>
    Cc: Dave Hansen <dave.hansen@intel.com>
    Cc: Hillf Danton <hdanton@sina.com>
    Cc: Joel Fernandes (Google) <joel@joelfernandes.org>
    Cc: Johannes Weiner <hannes@cmpxchg.org>
    Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
    Cc: Oleksandr Natalenko <oleksandr@redhat.com>
    Cc: Shakeel Butt <shakeelb@google.com>
    Cc: Sonny Rao <sonnyrao@google.com>
    Cc: Suren Baghdasaryan <surenb@google.com>
    Cc: Tim Murray <timmurray@google.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>

:040000 040000 daa33235ecf6f95ea78f1a32cfcf6305fa4b03f8 d24a98f147b34b997043c53f6807db0104df37bc M	arch
:040000 040000 ad3f755e7d617ca3f19feffbf23b505d749d1eb3 422abdb711f3898aa8f57d27bf2ce332315fe7bd M	include
:040000 040000 fc9b613decc6441ce534565439b9de36722d18ef 94912e94f6284c85be65035de3b442e1a99c8d63 M	mm
revisions tested: 17, total time: 4h14m44.6674923s (build: 1h38m42.073665419s, test: 2h30m8.374888324s)
first bad commit: 06a833a1167e9cbb43a9a4317ec24585c6ec85cb mm: introduce MADV_PAGEOUT
cc: ["akpm@linux-foundation.org" "chris@zankel.net" "dancol@google.com" "dave.hansen@intel.com" "hannes@cmpxchg.org" "hdanton@sina.com" "james.bottomley@hansenpartnership.com" "kirill.shutemov@linux.intel.com" "mhocko@suse.com" "minchan@kernel.org" "oleksandr@redhat.com" "ralf@linux-mips.org" "rth@twiddle.net" "sfr@canb.auug.org.au" "shakeelb@google.com" "sonnyrao@google.com" "surenb@google.com" "timmurray@google.com"]
crash: kernel BUG at mm/vmscan.c:LINE!
page:ffffea0001e90000 refcount:2 mapcount:1 mapping:ffff8880901badd9 index:0x20000 compound_mapcount: 1
anon 
flags: 0x1fffc0000090025(locked|uptodate|active|head|swapbacked)
raw: 01fffc0000090025 dead000000000100 dead000000000122 ffff8880901badd9
raw: 0000000000020000 0000000000000000 00000002ffffffff ffff8880a5ca6440
page dumped because: VM_BUG_ON_PAGE(PageActive(page))
page->mem_cgroup:ffff8880a5ca6440
------------[ cut here ]------------
kernel BUG at mm/vmscan.c:1156!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 9423 Comm: syz-executor.3 Not tainted 5.3.0-rc1+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:shrink_page_list+0x195e/0x3810 mm/vmscan.c:1156
Code: 48 c7 c6 40 51 12 87 48 8d 50 ff a8 01 48 0f 44 d3 48 89 d7 e8 03 ff 05 00 0f 0b 48 c7 c6 00 5a 12 87 48 89 df e8 f2 fe 05 00 <0f> 0b 49 8b 45 00 48 c7 c6 40 51 12 87 48 8d 50 ff a8 01 48 0f 44
RSP: 0018:ffff88807a8df5a8 EFLAGS: 00010286
RAX: 0000000000000021 RBX: ffffea0001e90000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff89da6040
RBP: ffff88807a8df7b8 R08: fffffbfff11f50a0 R09: fffffbfff11f50a0
R10: fffffbfff11f509f R11: ffffffff88fa84ff R12: ffff88807a8df828
R13: ffffea0001e90008 R14: ffffea0001e90000 R15: dffffc0000000000
FS:  00007fc4f961f700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000075c091 CR3: 0000000090b88000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 reclaim_pages+0x4a4/0x9b0 mm/vmscan.c:2202
 madvise_pageout_pte_range+0x1157/0x2040 mm/madvise.c:551
 walk_pmd_range mm/pagewalk.c:51 [inline]
 walk_pud_range mm/pagewalk.c:109 [inline]
 walk_p4d_range mm/pagewalk.c:135 [inline]
 walk_pgd_range mm/pagewalk.c:161 [inline]
 __walk_page_range+0xa3f/0x1600 mm/pagewalk.c:254
 walk_page_range+0x14d/0x340 mm/pagewalk.c:335
 madvise_pageout_page_range.isra.18+0x9b/0xd0 mm/madvise.c:634
 madvise_pageout+0x1df/0x340 mm/madvise.c:670
 madvise_vma mm/madvise.c:1067 [inline]
 __do_sys_madvise mm/madvise.c:1247 [inline]
 __se_sys_madvise mm/madvise.c:1175 [inline]
 __x64_sys_madvise+0x30e/0x1160 mm/madvise.c:1175
 do_syscall_64+0xd0/0x540 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459829
Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fc4f961ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
RDX: 0000000000000015 RSI: 0000000000600003 RDI: 0000000020000000
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4f961f6d4
R13: 00000000004c5c6d R14: 00000000004da4d8 R15: 00000000ffffffff
Modules linked in:
---[ end trace 4848a571efe4f940 ]---
RIP: 0010:shrink_page_list+0x195e/0x3810 mm/vmscan.c:1156
Code: 48 c7 c6 40 51 12 87 48 8d 50 ff a8 01 48 0f 44 d3 48 89 d7 e8 03 ff 05 00 0f 0b 48 c7 c6 00 5a 12 87 48 89 df e8 f2 fe 05 00 <0f> 0b 49 8b 45 00 48 c7 c6 40 51 12 87 48 8d 50 ff a8 01 48 0f 44
RSP: 0018:ffff88807a8df5a8 EFLAGS: 00010286
RAX: 0000000000000021 RBX: ffffea0001e90000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff89da6040
RBP: ffff88807a8df7b8 R08: fffffbfff11f50a0 R09: fffffbfff11f50a0
R10: fffffbfff11f509f R11: ffffffff88fa84ff R12: ffff88807a8df828
R13: ffffea0001e90008 R14: ffffea0001e90000 R15: dffffc0000000000
FS:  00007fc4f961f700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000075c091 CR3: 0000000090b88000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400