bisecting cause commit starting from 51309b9d73f5de2d8cba2c850df0c3b5d9125bee
building syzkaller on 0f3ec414b986caeb05e198240389925eae978ab8
testing commit 51309b9d73f5de2d8cba2c850df0c3b5d9125bee with gcc (GCC) 8.1.0
all runs: crashed: general protection fault in pagemap_pmd_range
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
all runs: OK
# git bisect start 51309b9d73f5de2d8cba2c850df0c3b5d9125bee 4d856f72c10ecb060868ed10ff1b1453943fc6c8
Bisecting: 12027 revisions left to test after this (roughly 14 steps)
[aaa4dd61647b33bcf5e280e09304fa8cc3614cb9] Merge branch 'for-5.4/upstream-fixes' into for-next
testing commit aaa4dd61647b33bcf5e280e09304fa8cc3614cb9 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good aaa4dd61647b33bcf5e280e09304fa8cc3614cb9
Bisecting: 6046 revisions left to test after this (roughly 13 steps)
[91e8b4d9dd90288047ea8ba34a24c65da0e34571] Merge remote-tracking branch 'swiotlb/linux-next'
testing commit 91e8b4d9dd90288047ea8ba34a24c65da0e34571 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 91e8b4d9dd90288047ea8ba34a24c65da0e34571
Bisecting: 3019 revisions left to test after this (roughly 12 steps)
[28aa46c4528b31f1f554f924ce9f81955b941d0a] Merge remote-tracking branch 'drm-misc/for-linux-next'
testing commit 28aa46c4528b31f1f554f924ce9f81955b941d0a with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 28aa46c4528b31f1f554f924ce9f81955b941d0a
Bisecting: 1501 revisions left to test after this (roughly 11 steps)
[12d486588bd6cd6b09450cd00e4bfcc39fbc5dd9] Merge remote-tracking branch 'usb/usb-next'
testing commit 12d486588bd6cd6b09450cd00e4bfcc39fbc5dd9 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 12d486588bd6cd6b09450cd00e4bfcc39fbc5dd9
Bisecting: 709 revisions left to test after this (roughly 10 steps)
[83fc352798b015a72781bae99eba567ebf366faf] Merge remote-tracking branch 'scsi/for-next'
testing commit 83fc352798b015a72781bae99eba567ebf366faf with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 83fc352798b015a72781bae99eba567ebf366faf
Bisecting: 357 revisions left to test after this (roughly 9 steps)
[5ae4da045f2b17b8d6c928cc329865ff3f45651c] Merge remote-tracking branch 'hyperv/hyperv-next'
testing commit 5ae4da045f2b17b8d6c928cc329865ff3f45651c with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 5ae4da045f2b17b8d6c928cc329865ff3f45651c
Bisecting: 178 revisions left to test after this (roughly 8 steps)
[cb3fdfc387fbfa9cca70082dc268c6300c3bfa76] kcov: remote coverage support
testing commit cb3fdfc387fbfa9cca70082dc268c6300c3bfa76 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good cb3fdfc387fbfa9cca70082dc268c6300c3bfa76
Bisecting: 85 revisions left to test after this (roughly 7 steps)
[39268bf3d88c10bcdd746aafd4f34a16c31eaa02] Merge remote-tracking branch 'cel/cel-next'
testing commit 39268bf3d88c10bcdd746aafd4f34a16c31eaa02 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 39268bf3d88c10bcdd746aafd4f34a16c31eaa02
Bisecting: 42 revisions left to test after this (roughly 6 steps)
[09d7286d7ff4fedc6085995dd20db6077cfab604] gpio: 74x164: utilize the for_each_set_clump8 macro
testing commit 09d7286d7ff4fedc6085995dd20db6077cfab604 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 09d7286d7ff4fedc6085995dd20db6077cfab604
Bisecting: 21 revisions left to test after this (roughly 5 steps)
[2b943047c167ef552c5cdc218e91713f40fa9b4e] mips: mm: add p?d_leaf() definitions
testing commit 2b943047c167ef552c5cdc218e91713f40fa9b4e with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 2b943047c167ef552c5cdc218e91713f40fa9b4e
Bisecting: 10 revisions left to test after this (roughly 4 steps)
[8bcb05a4c84f3e572e4a9b4fa0f7304e3fe76bf8] x86: mm+efi: convert ptdump_walk_pgd_level() to take a mm_struct
testing commit 8bcb05a4c84f3e572e4a9b4fa0f7304e3fe76bf8 with gcc (GCC) 8.1.0
all runs: crashed: general protection fault in pagemap_pmd_range
# git bisect bad 8bcb05a4c84f3e572e4a9b4fa0f7304e3fe76bf8
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[157ce166e4d30f6467e1683d037fc293d219e31d] x86: mm: add p?d_leaf() definitions
testing commit 157ce166e4d30f6467e1683d037fc293d219e31d with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 157ce166e4d30f6467e1683d037fc293d219e31d
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[f95d77d9a53733a60db5c3f5e0ddea3cd0c90af6] mm: pagewalk: add test_p?d callbacks
testing commit f95d77d9a53733a60db5c3f5e0ddea3cd0c90af6 with gcc (GCC) 8.1.0
all runs: crashed: general protection fault in pagemap_pmd_range
# git bisect bad f95d77d9a53733a60db5c3f5e0ddea3cd0c90af6
Bisecting: 0 revisions left to test after this (roughly 1 step)
[181be542ef3c9ca495500143d4c23f4d58beb5ab] mm: pagewalk: allow walking without vma
testing commit 181be542ef3c9ca495500143d4c23f4d58beb5ab with gcc (GCC) 8.1.0
all runs: crashed: general protection fault in pagemap_pmd_range
# git bisect bad 181be542ef3c9ca495500143d4c23f4d58beb5ab
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[33648e5ae1371c41b7723ba94222c5c66b391c87] mm: pagewalk: add p4d_entry() and pgd_entry()
testing commit 33648e5ae1371c41b7723ba94222c5c66b391c87 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 33648e5ae1371c41b7723ba94222c5c66b391c87
181be542ef3c9ca495500143d4c23f4d58beb5ab is the first bad commit
commit 181be542ef3c9ca495500143d4c23f4d58beb5ab
Author: Steven Price
Date: Tue Nov 5 09:57:54 2019 +1100

    mm: pagewalk: allow walking without vma

    Since 48684a65b4e3: "mm: pagewalk: fix misbehavior of walk_page_range for vma(VM_PFNMAP)", page_table_walk() will report any kernel area as a hole, because it lacks a vma. This means each arch has re-implemented page table walking when needed, for example in the per-arch ptdump walker.

    Remove the requirement to have a vma except when trying to split huge pages.

    Link: http://lkml.kernel.org/r/20191028135910.33253-13-steven.price@arm.com
    Tested-by: Zong Li
    Cc: Naoya Horiguchi
    Cc: Shiraz Hashim
    Cc: Albert Ou
    Cc: Alexander Potapenko
    Cc: Alexandre Ghiti
    Cc: Andrey Ryabinin
    Cc: Andy Lutomirski
    Cc: Ard Biesheuvel
    Cc: Arnd Bergmann
    Cc: Benjamin Herrenschmidt
    Cc: Borislav Petkov
    Cc: Catalin Marinas
    Cc: Christian Borntraeger
    Cc: Dave Hansen
    Cc: Dave Jiang
    Cc: David S. Miller
    Cc: Dmitry Vyukov
    Cc: Heiko Carstens
    Cc: "H. Peter Anvin"
    Cc: Ingo Molnar
    Cc: Ingo Molnar
    Cc: James Hogan
    Cc: James Morse
    Cc: "Liang, Kan"
    Cc: Mark Rutland
    Cc: Matthew Wilcox
    Cc: Michael Ellerman
    Cc: Palmer Dabbelt
    Cc: Paul Burton
    Cc: Paul Mackerras
    Cc: Paul Walmsley
    Cc: Peter Zijlstra
    Cc: Ralf Baechle
    Cc: Russell King
    Cc: Thomas Gleixner
    Cc: Vasily Gorbik
    Cc: Vineet Gupta
    Cc: Will Deacon
    Signed-off-by: Andrew Morton
    Signed-off-by: Stephen Rothwell

:040000 040000 79f95af691dbc69df9c573ca1d4952c53c2ea778 00b58021afd640aab7798c0b591817b25c800345 M mm
revisions tested: 17, total time: 4h21m38.556157819s (build: 1h46m19.712344809s, test: 2h29m6.657106968s)
first bad commit: 181be542ef3c9ca495500143d4c23f4d58beb5ab mm: pagewalk: allow walking without vma
cc: ["akpm@linux-foundation.org" "alex@ghiti.fr" "aou@eecs.berkeley.edu" "ard.biesheuvel@linaro.org" "arnd@arndb.de" "aryabinin@virtuozzo.com" "benh@kernel.crashing.org" "borntraeger@de.ibm.com" "bp@alien8.de" "catalin.marinas@arm.com" "dave.hansen@linux.intel.com" "dave.jiang@intel.com" "davem@davemloft.net" "dvyukov@google.com" "glider@google.com" "gor@linux.ibm.com" "heiko.carstens@de.ibm.com" "hpa@zytor.com" "james.morse@arm.com" "jhogan@kernel.org" "kan.liang@linux.intel.com" "linux@armlinux.org.uk" "luto@kernel.org" "mark.rutland@arm.com" "mawilcox@microsoft.com" "mingo@elte.hu" "mingo@redhat.com" "mpe@ellerman.id.au" "n-horiguchi@ah.jp.nec.com" "palmer@sifive.com" "paul.burton@mips.com" "paul.walmsley@sifive.com" "paulus@samba.org" "peterz@infradead.org" "ralf@linux-mips.org" "sfr@canb.auug.org.au" "shashim@codeaurora.org" "steven.price@arm.com" "tglx@linutronix.de" "vgupta@synopsys.com" "will@kernel.org" "zong.li@sifive.com"]
crash: general protection fault in pagemap_pmd_range
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 7602 Comm: syz-executor.1 Not tainted 5.4.0-rc6+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:pmd_trans_huge_lock include/linux/huge_mm.h:219 [inline]
RIP: 0010:pagemap_pmd_range+0x78/0x1670 fs/proc/task_mmu.c:1373
Code: 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 4f 11 00 00 49 8d 7c 24 40 48 8b 59 18 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 21 11 00 00 4d 8b 7c 24 40 be 08 00 00 00 4d 8d
RSP: 0018:ffff888081057268 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff888081057540 RCX: ffff888081057400
RDX: 0000000000000008 RSI: 0000000000511000 RDI: 0000000000000040
RBP: ffff8880810572d8 R08: 0000000000000000 R09: 0000000000511000
R10: ffffed1012df30bb R11: ffff888094951010 R12: 0000000000000000
R13: ffff888081057400 R14: ffff888094951010 R15: ffff888094951010
FS: 00007f43acdeb700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004de3b0 CR3: 0000000099ed7000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 walk_pmd_range mm/pagewalk.c:53 [inline]
 walk_pud_range mm/pagewalk.c:115 [inline]
 walk_p4d_range mm/pagewalk.c:147 [inline]
 walk_pgd_range mm/pagewalk.c:180 [inline]
 __walk_page_range+0xa68/0x1390 mm/pagewalk.c:275
 walk_page_range+0x16a/0x2d0 mm/pagewalk.c:363
 pagemap_read+0x369/0x570 fs/proc/task_mmu.c:1596
 do_loop_readv_writev fs/read_write.c:714 [inline]
 do_iter_read+0x366/0x560 fs/read_write.c:935
 vfs_readv+0xc7/0x130 fs/read_write.c:997
 kernel_readv fs/splice.c:359 [inline]
 default_file_splice_read+0x425/0x890 fs/splice.c:414
 do_splice_to+0xe3/0x120 fs/splice.c:877
 splice_direct_to_actor+0x296/0x870 fs/splice.c:955
 do_splice_direct+0x14c/0x270 fs/splice.c:1064
 do_sendfile+0x481/0xd10 fs/read_write.c:1464
 __do_sys_sendfile64 fs/read_write.c:1525 [inline]
 __se_sys_sendfile64 fs/read_write.c:1511 [inline]
 __x64_sys_sendfile64+0x198/0x1e0 fs/read_write.c:1511
 do_syscall_64+0xca/0x5d0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45a219
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f43acdeac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a219
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000100000206201 R11: 0000000000000246 R12: 00007f43acdeb6d4
R13: 00000000004c7f94 R14: 00000000004de3b0 R15: 00000000ffffffff
Modules linked in:
---[ end trace abf1f1291e9f70de ]---
RIP: 0010:pmd_trans_huge_lock include/linux/huge_mm.h:219 [inline]
RIP: 0010:pagemap_pmd_range+0x78/0x1670 fs/proc/task_mmu.c:1373
Code: 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 4f 11 00 00 49 8d 7c 24 40 48 8b 59 18 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 21 11 00 00 4d 8b 7c 24 40 be 08 00 00 00 4d 8d
RSP: 0018:ffff888081057268 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff888081057540 RCX: ffff888081057400
RDX: 0000000000000008 RSI: 0000000000511000 RDI: 0000000000000040
RBP: ffff8880810572d8 R08: 0000000000000000 R09: 0000000000511000
R10: ffffed1012df30bb R11: ffff888094951010 R12: 0000000000000000
R13: ffff888081057400 R14: ffff888094951010 R15: ffff888094951010
FS: 00007f43acdeb700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004de3b0 CR3: 0000000099ed7000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400