ci2 starts bisection 2023-05-16 16:32:32.777977353 +0000 UTC m=+4961.615531222
bisecting cause commit starting from 6f4553626dbd0b15d25da5a3b2e05ad2be4780d4
building syzkaller on 2b9ba477a18ed0cc53e6b29a9641292709a7ba24
ensuring issue is reproducible on original commit 6f4553626dbd0b15d25da5a3b2e05ad2be4780d4
testing commit 6f4553626dbd0b15d25da5a3b2e05ad2be4780d4 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a278314e4d506f7229c77288e3d202afdae819e289b6922796926acb013ca430
all runs: crashed: kernel BUG in mas_store_prealloc
testing release v6.1.25
testing commit f17b0ab65d17988d5e6d6fe22f708ef3721080bf gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e3a6e85045f89d21adf09e8f59a863cc71f09395727e548adfa4790d796e2e14
all runs: crashed: kernel BUG in mas_store_prealloc
testing release v6.1.24
testing commit 0102425ac76bd184704c698cab7cb4fe37997556 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d63b78ec1c1306aa414bc20ec1d8c4c03e69b4ad5d82dc6fb4b4e944635d1ddf
all runs: crashed: kernel BUG in mas_store_prealloc
testing release v6.1.23
testing commit 543aff194ab6286af7791c5a138978ee7da4c93f gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: cdf81575b61faecdafc53961ea9209e95b11d8225d8ec239d4402c389efcec65
all runs: OK
# git bisect start 0102425ac76bd184704c698cab7cb4fe37997556 543aff194ab6286af7791c5a138978ee7da4c93f
Bisecting: 82 revisions left to test after this (roughly 6 steps)
[1942ccb7d95f287a312fcbabfa8bc9ba501b1953] nilfs2: fix sysfs interface lifetime
testing commit 1942ccb7d95f287a312fcbabfa8bc9ba501b1953 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9df58c2eccd222c2f214498015fbe738d3357c9cf7017d7eb42b2695e33572db
all runs: OK
# git bisect good 1942ccb7d95f287a312fcbabfa8bc9ba501b1953
Bisecting: 41 revisions left to test after this (roughly 5 steps)
[162e6e6ff25f0d9225a26369be9faa6c244918e3] tracing/timerlat: Notify new max thread latency
testing commit 162e6e6ff25f0d9225a26369be9faa6c244918e3 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 4fd62c1b8063e3b30ae0cb73d7d9d7a2747566d59b0bf4898b48288058b6603f
all runs: OK
# git bisect good 162e6e6ff25f0d9225a26369be9faa6c244918e3
Bisecting: 20 revisions left to test after this (roughly 4 steps)
[62de38c8201d853b130fc54ddbfab748180053e2] drm/amdgpu: skip psp suspend for IMU enabled ASICs mode2 reset
testing commit 62de38c8201d853b130fc54ddbfab748180053e2 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e6b20c15b02d8f1f083f792ec8a09b50f41f17b6e85ef32f3cc3ca912933d2e8
all runs: OK
# git bisect good 62de38c8201d853b130fc54ddbfab748180053e2
Bisecting: 10 revisions left to test after this (roughly 3 steps)
[19d8f782e380c0266b034cf445100361164837b4] maple_tree: fix handle of invalidated state in mas_wr_store_setup()
testing commit 19d8f782e380c0266b034cf445100361164837b4 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 6690a56daf34a93dfc35ae77c6f03eae6143c99a57f145b017fe10a5f95df538
all runs: OK
# git bisect good 19d8f782e380c0266b034cf445100361164837b4
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[cc2f2507f3f05612c61c4b8f11bb91efbb9ad495] maple_tree: fix freeing of nodes in rcu mode
testing commit cc2f2507f3f05612c61c4b8f11bb91efbb9ad495 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c215c4d4b38d9a4c2ef00d2b4e655dcbd13788034b46c33f44f6fa650d4afa78
all runs: OK
# git bisect good cc2f2507f3f05612c61c4b8f11bb91efbb9ad495
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[9b6627bc36aaf426f11b3531aa26d48513c68cbf] maple_tree: add RCU lock checking to rcu callback functions
testing commit 9b6627bc36aaf426f11b3531aa26d48513c68cbf gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: fb8ae029bd8adb958f576ca6dc35fff141012d17fc195c2c7ec6b1baeb5a8222
all runs: OK
# git bisect good 9b6627bc36aaf426f11b3531aa26d48513c68cbf
Bisecting: 0 revisions left to test after this (roughly 1 step)
[77e41187a3875ef747868ff19646a41375f2f508] bpftool: Print newline before '}' for struct with padding only fields
testing commit 77e41187a3875ef747868ff19646a41375f2f508 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b0558ff2cba75644f7e19f8e8f8d968b3e9a1a7e4a0e4202f24594e6e603c88b
all runs: crashed: kernel BUG in mas_store_prealloc
# git bisect bad 77e41187a3875ef747868ff19646a41375f2f508
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[1c87a6f82a4e9bb8074a596c0acdc39ef9334473] mm: enable maple tree RCU mode by default.
testing commit 1c87a6f82a4e9bb8074a596c0acdc39ef9334473 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2e47fb4a6bd65d509324d3d6731522d11b7a1050bc5ef2aebd6717da09311464
all runs: crashed: kernel BUG in mas_store_prealloc
# git bisect bad 1c87a6f82a4e9bb8074a596c0acdc39ef9334473
1c87a6f82a4e9bb8074a596c0acdc39ef9334473 is the first bad commit
commit 1c87a6f82a4e9bb8074a596c0acdc39ef9334473
Author: Liam R. Howlett
Date:   Tue Apr 11 11:10:55 2023 -0400

    mm: enable maple tree RCU mode by default.

    commit 3dd4432549415f3c65dd52d5c687629efbf4ece1 upstream.

    Use the maple tree in RCU mode for VMA tracking.

    The maple tree tracks the stack and is able to update the pivot
    (lower/upper boundary) in-place to allow the page fault handler to write
    to the tree while holding just the mmap read lock.  This is safe as the
    writes to the stack have a guard VMA which ensures there will always be
    a NULL in the direction of the growth and thus will only update a pivot.

    It is possible, but not recommended, to have VMAs that grow up/down
    without guard VMAs.  syzbot has constructed a testcase which sets up a
    VMA to grow and consume the empty space.  Overwriting the entire NULL
    entry causes the tree to be altered in a way that is not safe for
    concurrent readers; the readers may see a node being rewritten or one
    that does not match the maple state they are using.

    Enabling RCU mode allows the concurrent readers to see a stable node and
    will return the expected result.

    Link: https://lkml.kernel.org/r/20230227173632.3292573-9-surenb@google.com
    Cc: stable@vger.kernel.org
    Fixes: d4af56c5c7c6 ("mm: start tracking VMAs with maple tree")
    Signed-off-by: Liam R. Howlett
    Reported-by: syzbot+8d95422d3537159ca390@syzkaller.appspotmail.com
    Signed-off-by: Greg Kroah-Hartman

 include/linux/mm_types.h | 3 ++-
 kernel/fork.c            | 3 +++
 mm/mmap.c                | 3 ++-
 3 files changed, 7 insertions(+), 2 deletions(-)

culprit signature: 2e47fb4a6bd65d509324d3d6731522d11b7a1050bc5ef2aebd6717da09311464
parent  signature: fb8ae029bd8adb958f576ca6dc35fff141012d17fc195c2c7ec6b1baeb5a8222
revisions tested: 12, total time: 6h6m8.015669664s (build: 4h33m34.776835811s, test: 1h29m29.787415674s)
first bad commit: 1c87a6f82a4e9bb8074a596c0acdc39ef9334473 mm: enable maple tree RCU mode by default.
recipients (to): ["gregkh@linuxfoundation.org" "liam.howlett@oracle.com"]
recipients (cc): []
crash: kernel BUG in mas_store_prealloc
------------[ cut here ]------------
kernel BUG at lib/maple_tree.c:5790!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 440 Comm: syz-executor.0 Not tainted 6.1.23-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
RIP: 0010:mas_store_prealloc+0x36b/0x380 lib/maple_tree.c:5790
Code: 8b 54 24 08 31 c9 4c 8b 44 24 10 e8 5f 9b ff ff 65 ff 0d 90 d5 86 7b 4c 89 fb 0f 85 a9 fe ff ff e8 72 d5 84 fc e9 9f fe ff ff <0f> 0b e8 2e f9 07 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 55
RSP: 0018:ffffc90000dc7780 EFLAGS: 00010246
RAX: 0000000000000002 RBX: dffffc0000000000 RCX: 0000000000000000
RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffffff8604f790
RBP: ffffc90000dc7898 R08: dffffc0000000000 R09: fffffbfff0c09ef3
R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff920001b8f43
R13: ffffc90000dc7a18 R14: 1ffff920001b8ef4 R15: 0000000000000001
FS:  00007f14a6516700(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000056438ed91ee8 CR3: 0000000110243000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 vma_mas_store+0xd5/0x170 mm/mmap.c:434
 __vma_adjust+0xd2d/0x1420 mm/mmap.c:789
 vma_merge+0x710/0x780 mm/mmap.c:1060
 mlock_fixup+0x1e5/0x420 mm/mlock.c:420
 apply_vma_lock_flags+0x2ec/0x410 mm/mlock.c:501
 do_mlock+0x4ac/0x5b0 mm/mlock.c:602
 __do_sys_mlock2 mm/mlock.c:629 [inline]
 __se_sys_mlock2 mm/mlock.c:619 [inline]
 __x64_sys_mlock2+0x92/0xa0 mm/mlock.c:619
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f14a588c169
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f14a6516168 EFLAGS: 00000246 ORIG_RAX: 0000000000000145
RAX: ffffffffffffffda RBX: 00007f14a59abf80 RCX: 00007f14a588c169
RDX: 0000000000000000 RSI: 0000000000400000 RDI: 0000000020bfd000
RBP: 00007f14a65161d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffe8fda8dcf R14: 00007f14a6516300 R15: 0000000000022000
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:mas_store_prealloc+0x36b/0x380 lib/maple_tree.c:5790
Code: 8b 54 24 08 31 c9 4c 8b 44 24 10 e8 5f 9b ff ff 65 ff 0d 90 d5 86 7b 4c 89 fb 0f 85 a9 fe ff ff e8 72 d5 84 fc e9 9f fe ff ff <0f> 0b e8 2e f9 07 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 55
RSP: 0018:ffffc90000dc7780 EFLAGS: 00010246
RAX: 0000000000000002 RBX: dffffc0000000000 RCX: 0000000000000000
RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffffff8604f790
RBP: ffffc90000dc7898 R08: dffffc0000000000 R09: fffffbfff0c09ef3
R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff920001b8f43
R13: ffffc90000dc7a18 R14: 1ffff920001b8ef4 R15: 0000000000000001
FS:  00007f14a6516700(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000056438ed91ee8 CR3: 0000000110243000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400