ci starts bisection 2023-08-12 17:52:27.218874648 +0000 UTC m=+98125.858395987 bisecting cause commit starting from 21ef7b1e17d039053edaeaf41142423810572741 building syzkaller on 39990d513277ce9372a4cc89bdac23d9fc30b056 ensuring issue is reproducible on original commit 21ef7b1e17d039053edaeaf41142423810572741 testing commit 21ef7b1e17d039053edaeaf41142423810572741 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7aadfb56dfbbafaa183fc6fea3ac943b490090aa5ef20ad1ca80d37700ff0be5 all runs: crashed: WARNING in fault_dirty_shared_page representative crash: WARNING in fault_dirty_shared_page, types: [WARNING] check whether we can drop unnecessary instrumentation disabling configs for [UBSAN KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit 21ef7b1e17d039053edaeaf41142423810572741 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: f271eab7f45c8b4744ac80a112cc422a75a19059c6824a383d35d4c4f0321190 all runs: crashed: WARNING in fault_dirty_shared_page representative crash: WARNING in fault_dirty_shared_page, types: [WARNING] the bug reproduces without the instrumentation disabling configs for [UBSAN KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed kconfig minimization: base=3883 full=7676 leaves diff=2013 split chunks (needed=false): <2013> split chunk #0 of len 2013 into 5 parts testing without sub-chunk 1/5 disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN KASAN LOCKDEP], they are not needed testing commit 21ef7b1e17d039053edaeaf41142423810572741 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 10dbb42d5b782df1c95b307f433d16aa20f50f5ea84fd215e0f193368628371c all runs: crashed: WARNING in fault_dirty_shared_page representative crash: WARNING in fault_dirty_shared_page, types: [WARNING] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN KASAN LOCKDEP], they are not needed testing commit 21ef7b1e17d039053edaeaf41142423810572741 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 884a58dd197cccdf234342ded3d8fa87ba9a01641976341fee8adef609e91b48 all runs: crashed: WARNING: bad unlock balance in fault_dirty_shared_page representative crash: WARNING: bad unlock balance in fault_dirty_shared_page, types: [LOCKDEP] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN KASAN], they are not needed testing commit 21ef7b1e17d039053edaeaf41142423810572741 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: c2c26e6d1f3a5d2c2c85bf29c4e2344b53008ae5863395d488cf5337fbc951e1 all runs: OK false negative chance: 0.000 testing without sub-chunk 4/5 disabling configs for [UBSAN KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit 21ef7b1e17d039053edaeaf41142423810572741 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5600c2ee218088a5317e60586011da5f3f172f19221390ad763a3899ef6e9a65 all runs: crashed: WARNING: bad unlock balance in fault_dirty_shared_page representative crash: WARNING: bad unlock balance in fault_dirty_shared_page, types: [LOCKDEP] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [UBSAN KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit 21ef7b1e17d039053edaeaf41142423810572741 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 50cb42ada3e5ff17ea1d4bc6e6f07ecbcf0d2b898c8e45c4ff85dda8742120be all runs: crashed: WARNING: bad unlock balance in fault_dirty_shared_page representative crash: WARNING: bad unlock balance in fault_dirty_shared_page, types: [LOCKDEP] the chunk can be dropped minimized to 403 configs; suspects: [AX25 BRIDGE BRIDGE_NETFILTER CAN CFG80211 CHECKPOINT_RESTORE DVB_CORE FB_CORE FSCACHE HAMRADIO HSR INFINIBAND INFINIBAND_ADDR_TRANS INFINIBAND_USER_ACCESS INPUT_JOYSTICK INPUT_MOUSE IP6_NF_RAW IPV6_MULTIPLE_TABLES IP_NF_RAW IP_SET IP_VS IP_VS_LBLC IP_VS_LBLCR IP_VS_LC IP_VS_MH IP_VS_NFCT IP_VS_NQ IP_VS_OVF IP_VS_PE_SIP IP_VS_PROTO_AH IP_VS_PROTO_AH_ESP IP_VS_PROTO_ESP IP_VS_PROTO_SCTP IP_VS_PROTO_UDP IP_VS_RR IP_VS_SED IP_VS_SH IP_VS_TWOS IP_VS_WLC IP_VS_WRR IRQ_BYPASS_MANAGER IRQ_POLL IR_IGORPLUGUSB IR_IGUANA IR_IMON IR_MCEUSB IR_REDRAT3 IR_STREAMZAP IR_TTUSBIR ISDN ISDN_CAPI_MIDDLEWARE JFFS2_CMODE_PRIORITY JFFS2_COMPRESSION_OPTIONS JFFS2_FS JFFS2_FS_POSIX_ACL JFFS2_FS_SECURITY JFFS2_FS_WRITEBUFFER JFFS2_FS_XATTR JFFS2_LZO JFFS2_RTIME JFFS2_RUBIN JFFS2_SUMMARY JFFS2_ZLIB JFS_DEBUG JFS_FS JFS_POSIX_ACL JFS_SECURITY JOYSTICK_IFORCE JOYSTICK_IFORCE_USB JOYSTICK_XPAD JOYSTICK_XPAD_FF JOYSTICK_XPAD_LEDS KARMA_PARTITION KCOV KCOV_ENABLE_COMPARISONS KCOV_INSTRUMENT_ALL KEYS_REQUEST_CACHE KEY_DH_OPERATIONS KEY_NOTIFICATIONS KSM KVM KVM_AMD KVM_ASYNC_PF KVM_COMPAT KVM_GENERIC_DIRTYLOG_READ_PROTECT KVM_GENERIC_HARDWARE_ENABLING KVM_MMIO KVM_VFIO KVM_XEN KVM_XFER_TO_GUEST_WORK L2TP L2TP_ETH L2TP_IP L2TP_V3 LAPB LAPBETHER LDM_PARTITION LEDS_TRIGGER_AUDIO LEGACY_PTYS LIBCRC32C LIBNVDIMM LINEAR_RANGES LLC LLC2 LOGIG940_FF LOGIRUMBLEPAD2_FF LOGO LOGO_LINUX_MONO LOGO_LINUX_VGA16 LPC_ICH LRU_GEN LRU_GEN_ENABLED LWTUNNEL LWTUNNEL_BPF LZ4HC_COMPRESS LZ4_COMPRESS MAC80211 MAC80211_DEBUGFS MAC80211_HAS_RC MAC80211_HWSIM MAC80211_MESH MAC80211_RC_DEFAULT_MINSTREL MAC80211_RC_MINSTREL MACSEC MACVLAN MACVTAP MAC_PARTITION MAPPING_DIRTY_HELPERS MD_BITMAP_FILE MD_LINEAR MD_MULTIPATH MD_RAID0 MD_RAID1 MD_RAID10 MD_RAID456 MEDIA_ANALOG_TV_SUPPORT MEDIA_ATTACH MEDIA_CONTROLLER MEDIA_CONTROLLER_DVB MEDIA_CONTROLLER_REQUEST_API MEDIA_DIGITAL_TV_SUPPORT MEDIA_RADIO_SUPPORT MEDIA_SDR_SUPPORT MEDIA_SUPPORT MEDIA_SUPPORT_FILTER MEDIA_TUNER MEDIA_TUNER_MSI001 MEMORY_BALLOON MEMORY_HOTPLUG MEMORY_HOTPLUG_DEFAULT_ONLINE MEMORY_ISOLATION MEMREGION MEMSTICK MEMSTICK_REALTEK_USB MEM_SOFT_DIRTY MFD_CORE MFD_SYSCON MHI_BUS MHI_WWAN_CTRL MHP_MEMMAP_ON_MEMORY MICROCHIP_PHY MINIX_FS MINIX_SUBPARTITION MISC_RTSX MISC_RTSX_USB MISDN MISDN_DSP MISDN_HFCUSB MISDN_L1OIP MKISS MLX4_CORE MLX4_INFINIBAND MMC MMC_REALTEK_USB MMC_USHC MMC_VUB300 MMU_NOTIFIER MODULE_SRCVERSION_ALL MODVERSIONS MOST MOUSE_APPLETOUCH MOUSE_BCM5974 MOUSE_PS2 MOUSE_PS2_ALPS MOUSE_PS2_BYD MOUSE_PS2_CYPRESS MOUSE_PS2_FOCALTECH MOUSE_PS2_LIFEBOOK MOUSE_PS2_LOGIPS2PP MOUSE_PS2_SMBUS MOUSE_PS2_SYNAPTICS MOUSE_PS2_SYNAPTICS_SMBUS MOUSE_PS2_TRACKPOINT MOUSE_SYNAPTICS_USB MPLS MPLS_IPTUNNEL MPLS_ROUTING MPTCP MPTCP_IPV6 MRP MTD MTD_BLKDEVS MTD_BLOCK MTD_BLOCK2MTD MTD_CFI_I1 MTD_CFI_I2 MTD_MAP_BANK_WIDTH_1 MTD_MAP_BANK_WIDTH_2 MTD_MAP_BANK_WIDTH_4 MTD_MTDRAM MTD_PHRAM MTD_SLRAM MUSB_PIO_ONLY ND_BTT ND_CLAIM ND_PFN NETDEVSIM NETFILTER_ADVANCED NETFILTER_BPF_LINK NETFILTER_FAMILY_ARP NETFILTER_FAMILY_BRIDGE NETFILTER_NETLINK_ACCT NETFILTER_NETLINK_GLUE_CT NETFILTER_NETLINK_OSF NETFILTER_NETLINK_QUEUE NETFILTER_SYNPROXY NETFILTER_XTABLES_COMPAT NETFILTER_XT_CONNMARK NETFILTER_XT_MATCH_BPF NETFILTER_XT_MATCH_CGROUP NETFILTER_XT_MATCH_CLUSTER NETFILTER_XT_MATCH_COMMENT NETFILTER_XT_MATCH_CONNBYTES NETFILTER_XT_MATCH_CONNLABEL NETFILTER_XT_MATCH_CONNLIMIT NETFILTER_XT_MATCH_CONNMARK NETFILTER_XT_MATCH_CPU NETFILTER_XT_MATCH_DCCP NETFILTER_XT_MATCH_DEVGROUP NETFILTER_XT_MATCH_DSCP NETFILTER_XT_MATCH_ECN NETFILTER_XT_MATCH_ESP NETFILTER_XT_MATCH_HASHLIMIT NETFILTER_XT_MATCH_HELPER NETFILTER_XT_MATCH_HL NETFILTER_XT_MATCH_IPCOMP NETFILTER_XT_MATCH_IPRANGE NETFILTER_XT_MATCH_IPVS NETFILTER_XT_MATCH_L2TP NETFILTER_XT_MATCH_LENGTH NETFILTER_XT_MATCH_LIMIT NETFILTER_XT_MATCH_MAC NETFILTER_XT_MATCH_MARK NETFILTER_XT_MATCH_MULTIPORT NETFILTER_XT_MATCH_NFACCT NETFILTER_XT_MATCH_OSF NETFILTER_XT_MATCH_OWNER NETFILTER_XT_MATCH_PHYSDEV NETFILTER_XT_MATCH_PKTTYPE NETFILTER_XT_MATCH_QUOTA NETFILTER_XT_MATCH_RATEEST NETFILTER_XT_MATCH_REALM NETFILTER_XT_MATCH_RECENT NETFILTER_XT_MATCH_SCTP NETFILTER_XT_MATCH_SOCKET NETFILTER_XT_MATCH_STATISTIC NETFILTER_XT_MATCH_STRING NETFILTER_XT_MATCH_TCPMSS NETFILTER_XT_MATCH_TIME NETFILTER_XT_MATCH_U32 NETFILTER_XT_SET NETFILTER_XT_TARGET_AUDIT NETFILTER_XT_TARGET_CHECKSUM NETFILTER_XT_TARGET_CLASSIFY NETFILTER_XT_TARGET_CONNMARK NETFILTER_XT_TARGET_CT NETFILTER_XT_TARGET_DSCP NETFILTER_XT_TARGET_HL NETFILTER_XT_TARGET_HMARK NETFILTER_XT_TARGET_IDLETIMER NETFILTER_XT_TARGET_LED NETFILTER_XT_TARGET_MARK NETFILTER_XT_TARGET_NETMAP NETFILTER_XT_TARGET_NFQUEUE NETFILTER_XT_TARGET_NOTRACK NETFILTER_XT_TARGET_RATEEST NETFILTER_XT_TARGET_REDIRECT NETFILTER_XT_TARGET_TCPOPTSTRIP NETFILTER_XT_TARGET_TEE NETFILTER_XT_TARGET_TPROXY NETFILTER_XT_TARGET_TRACE NETLABEL NETLINK_DIAG NETROM NET_9P_RDMA NET_ACT_BPF NET_ACT_CONNMARK NET_ACT_CSUM NET_ACT_CT NET_ACT_CTINFO NET_ACT_GATE NET_ACT_IFE NET_ACT_IPT NET_ACT_MPLS NET_ACT_NAT NET_ACT_PEDIT NET_ACT_POLICE NET_ACT_SAMPLE NET_ACT_SIMP NET_ACT_SKBEDIT NET_ACT_SKBMOD NET_ACT_TUNNEL_KEY NET_ACT_VLAN NET_CLS_BASIC NET_CLS_BPF NET_CLS_FLOW NET_CLS_FLOWER NET_CLS_FW NET_CLS_MATCHALL NET_CLS_ROUTE4 NET_DEVLINK NET_DROP_MONITOR NET_DSA NET_DSA_TAG_BRCM NET_DSA_TAG_BRCM_COMMON NET_DSA_TAG_BRCM_PREPEND NET_DSA_TAG_MTK NET_DSA_TAG_QCA NET_DSA_TAG_RTL4_A NET_EMATCH_CANID NET_EMATCH_CMP NET_EMATCH_IPSET NET_EMATCH_IPT NET_EMATCH_META NET_EMATCH_NBYTE NET_EMATCH_TEXT NET_EMATCH_U32 NET_FC NET_FOU NET_FOU_IP_TUNNELS NET_IFE NET_IFE_SKBMARK NET_IFE_SKBPRIO NET_IFE_SKBTCINDEX NET_IPGRE NET_IPGRE_BROADCAST NET_IPGRE_DEMUX NET_IPIP NET_IPVTI NET_KEY NET_KEY_MIGRATE NET_L3_MASTER_DEV NET_MPLS_GSO NET_NCSI NET_NSH NET_REDIRECT NET_SCH_CAKE NET_SCH_CBS NET_SCH_CHOKE NET_SCH_CODEL NET_SCH_DRR NET_SCH_ETF NET_SCH_ETS NET_SCH_FQ NET_SCH_FQ_CODEL NET_SCH_FQ_PIE NET_SCH_GRED NET_SCH_HFSC NET_SCH_HHF NET_SCH_HTB NET_SCH_INGRESS NET_SCH_MQPRIO NET_SCH_MQPRIO_LIB NET_SCH_MULTIQ NET_SCH_NETEM NET_SCH_PIE NET_SCH_PLUG NET_SCH_PRIO NET_SCH_QFQ NET_SCH_RED NET_SCH_SFB NET_SCH_SFQ NET_SCH_SKBPRIO NET_SCH_TAPRIO NET_SCH_TBF NET_SCH_TEQL NET_SOCK_MSG NET_SWITCHDEV NET_TC_SKB_EXT NET_TEAM NET_TEAM_MODE_ACTIVEBACKUP NET_TEAM_MODE_BROADCAST NET_TEAM_MODE_LOADBALANCE NET_TEAM_MODE_RANDOM NET_TEAM_MODE_ROUNDROBIN NET_UDP_TUNNEL NET_VRF NET_XGRESS NFC NFC_DIGITAL NFC_FDP NFC_HCI NFC_MRVL NFC_MRVL_USB NFC_NCI NFC_NCI_UART NFC_PN533 NFC_PN533_USB NFC_PORT100 NFC_SHDLC NFC_SIM NFC_VIRTUAL_NCI NFSD NFSD_BLOCKLAYOUT NFSD_FLEXFILELAYOUT NFSD_PNFS NFSD_SCSILAYOUT NFSD_V3_ACL NFSD_V4 NFSD_V4_2_INTER_SSC NFSD_V4_SECURITY_LABEL NFS_FSCACHE NFS_V4_1 NFS_V4_2 NFS_V4_2_READ_PLUS NFS_V4_2_SSC_HELPER NFS_V4_SECURITY_LABEL NFT_BRIDGE_META NFT_BRIDGE_REJECT NFT_COMPAT NFT_CONNLIMIT NFT_CT NFT_DUP_IPV4 NFT_DUP_IPV6 NFT_DUP_NETDEV NFT_FIB NFT_FIB_INET NFT_FIB_IPV4 NFT_FIB_IPV6 NFT_FIB_NETDEV NFT_FLOW_OFFLOAD NFT_HASH NFT_LIMIT NFT_LOG NFT_MASQ NFT_NAT NFT_NUMGEN NFT_OSF NFT_QUEUE NFT_QUOTA NFT_REDIR NFT_REJECT NFT_REJECT_INET NFT_REJECT_IPV4 NFT_REJECT_IPV6 NFT_REJECT_NETDEV NFT_SOCKET NFT_SYNPROXY NFT_TPROXY NFT_TUNNEL NFT_XFRM NF_CONNTRACK_AMANDA NF_CONNTRACK_BRIDGE NF_CONNTRACK_BROADCAST NF_CONNTRACK_EVENTS NF_CONNTRACK_H323 NF_CONNTRACK_LABELS NF_CONNTRACK_MARK NF_CONNTRACK_NETBIOS_NS NF_CONNTRACK_OVS NF_CONNTRACK_PPTP NF_CONNTRACK_SANE NF_CONNTRACK_TFTP NF_CONNTRACK_TIMEOUT NF_CONNTRACK_TIMESTAMP NF_CONNTRACK_ZONES NF_CT_NETLINK_HELPER NF_CT_NETLINK_TIMEOUT NF_CT_PROTO_DCCP NF_CT_PROTO_GRE NF_CT_PROTO_SCTP NF_CT_PROTO_UDPLITE NF_DUP_IPV4 NF_DUP_IPV6 NF_DUP_NETDEV NF_FLOW_TABLE NF_FLOW_TABLE_INET NF_NAT_AMANDA NF_NAT_H323 NF_TABLES NF_TABLES_BRIDGE NF_TABLES_INET NF_TABLES_IPV4 NF_TABLES_IPV6 NF_TABLES_NETDEV PARTITION_ADVANCED PSAMPLE RC_CORE RC_DEVICES RFKILL SPI USB_GADGET USB_MUSB_HDRC VIDEO_DEV WAN WATCH_QUEUE WIRELESS WLAN WWAN X25 X86_X32_ABI] disabling configs for [LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP HANG], they are not needed testing release v6.4 testing commit 6995e2de6891c724bfeb2db33d7b87775f913ad1 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7528c948d88687355ac9f4ee668f45322c6d12871acf17930ff1abf2b1ffd54a all runs: OK false negative chance: 0.000 # git bisect start 21ef7b1e17d039053edaeaf41142423810572741 6995e2de6891c724bfeb2db33d7b87775f913ad1 Bisecting: 11096 revisions left to test after this (roughly 14 steps) [e8069f5a8e3bdb5fdeeff895780529388592ee7a] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm testing commit e8069f5a8e3bdb5fdeeff895780529388592ee7a gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5286931883ed9b87b656cd2ff960b5800291552a1ce6c03d44c2d0e8f9fe9726 all runs: OK false negative chance: 0.000 # git bisect good e8069f5a8e3bdb5fdeeff895780529388592ee7a Bisecting: 5635 revisions left to test after this (roughly 13 steps) [a4bf2861c142298e9f51078ba9627a277c6d22c9] Merge branch 'docs-next' of git://git.lwn.net/linux.git testing commit a4bf2861c142298e9f51078ba9627a277c6d22c9 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 190011f627767382d3f2b365621a5bc8f587d5458a9802b7b21fe478c51c842f all runs: crashed: WARNING: bad unlock balance in fault_dirty_shared_page representative crash: WARNING: bad unlock balance in fault_dirty_shared_page, types: [LOCKDEP] # git bisect bad a4bf2861c142298e9f51078ba9627a277c6d22c9 Bisecting: 2731 revisions left to test after this (roughly 11 steps) [ea3267890dc5bf327b0af1e99c33acab2f6f55d6] damon: use pmdp_get instead of drectly dereferencing pmd testing commit ea3267890dc5bf327b0af1e99c33acab2f6f55d6 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 2a76cd7f3b8907405a4c8a983295899b24a91d14740a1d5b555a478c250e0212 all runs: crashed: WARNING: bad unlock balance in fault_dirty_shared_page representative crash: WARNING: bad unlock balance in fault_dirty_shared_page, types: [LOCKDEP] # git bisect bad ea3267890dc5bf327b0af1e99c33acab2f6f55d6 Bisecting: 1364 revisions left to test after this (roughly 10 steps) [9350cd0190c0d60915ec704112c864d858a0d31c] Merge tag 'sh-for-v6.5-tag2' of git://git.kernel.org/pub/scm/linux/kernel/git/glaubitz/sh-linux testing commit 9350cd0190c0d60915ec704112c864d858a0d31c gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a2d67396e6658090117bfd3d425f8acbe0280825b88238b609235c5c0b552685 all runs: OK false negative chance: 0.000 # git bisect good 9350cd0190c0d60915ec704112c864d858a0d31c Bisecting: 687 revisions left to test after this (roughly 9 steps) [f40125c0a160912ee3ac8def2f7de5bacb80df50] Merge tag '6.5-rc3-ksmbd-server-fixes' of git://git.samba.org/ksmbd testing commit f40125c0a160912ee3ac8def2f7de5bacb80df50 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3642f88623488b93e3c93ed07ba0c4a4b8ae4e336b770dab361a2f8030afd996 all runs: OK false negative chance: 0.000 # git bisect good f40125c0a160912ee3ac8def2f7de5bacb80df50 Bisecting: 340 revisions left to test after this (roughly 9 steps) [88f66f13ea51029280d3f91feafb6d66296c95d0] Merge tag 'usb-6.5-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb testing commit 88f66f13ea51029280d3f91feafb6d66296c95d0 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 69a116ef5020cddac9fcf6c5d232bbe0e1aa6842c81106ad64c06b50bc7ae98f all runs: OK false negative chance: 0.000 # git bisect good 88f66f13ea51029280d3f91feafb6d66296c95d0 Bisecting: 170 revisions left to test after this (roughly 7 steps) [a47b806e78ad8d8e2058ed73bd9b3ea205c4eb11] mm/khugepaged: collapse_pte_mapped_thp() with mmap_read_lock(): fix testing commit a47b806e78ad8d8e2058ed73bd9b3ea205c4eb11 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 523bc6dc24eac6dc9b5d4ddf546f0ddb311dcfbb5758106f2c353c140750b157 all runs: OK false negative chance: 0.000 # git bisect good a47b806e78ad8d8e2058ed73bd9b3ea205c4eb11 Bisecting: 85 revisions left to test after this (roughly 7 steps) [c929ecc9e9b1c1e66683d2da68990ace372a0023] mmu_notifiers: don't invalidate secondary TLBs as part of mmu_notifier_invalidate_range_end() testing commit c929ecc9e9b1c1e66683d2da68990ace372a0023 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d7b825dbb564ae7595853773bf1d1431abc446214e633cf9e91087f11ff5473a all runs: OK false negative chance: 0.000 # git bisect good c929ecc9e9b1c1e66683d2da68990ace372a0023 Bisecting: 42 revisions left to test after this (roughly 6 steps) [e00632b098e0cc57dfa3ef6f2df9a07b3fa7a4b1] maple_tree: refine mas_preallocate() node calculations testing commit e00632b098e0cc57dfa3ef6f2df9a07b3fa7a4b1 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e4b06c39d4c0c3d808d374d0551601d5d125ad0c0ac8a5cca0d7e15eaa624aab all runs: OK false negative chance: 0.000 # git bisect good e00632b098e0cc57dfa3ef6f2df9a07b3fa7a4b1 Bisecting: 21 revisions left to test after this (roughly 5 steps) [efb510224fb575376b086be87e63f52699bceefd] mm/vmemmap optimization: split hugetlb and devdax vmemmap optimization testing commit efb510224fb575376b086be87e63f52699bceefd gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: acde045c842a19c02f2cbc1fd08e77035ef8c46bcde4a0a29895cc9bb3f3f826 all runs: crashed: WARNING: bad unlock balance in fault_dirty_shared_page representative crash: WARNING: bad unlock balance in fault_dirty_shared_page, types: [LOCKDEP] # git bisect bad efb510224fb575376b086be87e63f52699bceefd Bisecting: 10 revisions left to test after this (roughly 3 steps) [7456c15600264d635293c91df1e0c0b5a1e73578] mm: run the fault-around code under the VMA lock testing commit 7456c15600264d635293c91df1e0c0b5a1e73578 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 818a2b28adc53a47ffb1547ca9c2b3a5e753294e3742fbdf149ef88b562f8e67 all runs: OK false negative chance: 0.000 # git bisect good 7456c15600264d635293c91df1e0c0b5a1e73578 Bisecting: 5 revisions left to test after this (roughly 3 steps) [3f98289e33e8960fe4bae7a328ef87a25d9478ea] mm/debug_vm_pgtable: Use the new has_transparent_pud_hugepage() testing commit 3f98289e33e8960fe4bae7a328ef87a25d9478ea gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 0fda7cda44632dc3e26977d99800781862de05dadfa7dd15fdfc8178b688d1ed all runs: crashed: WARNING: bad unlock balance in fault_dirty_shared_page representative crash: WARNING: bad unlock balance in fault_dirty_shared_page, types: [LOCKDEP] # git bisect bad 3f98289e33e8960fe4bae7a328ef87a25d9478ea Bisecting: 2 revisions left to test after this (roughly 1 step) [88e2667632d43928d3ed50d0163ecd73aaa2d455] mm: handle faults that merely update the accessed bit under the VMA lock testing commit 88e2667632d43928d3ed50d0163ecd73aaa2d455 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 0c2952e02d2324e00d9b02ffab600f2efebf8e3ef52d750b7b4b9cb7ac464fba all runs: crashed: WARNING: bad unlock balance in fault_dirty_shared_page representative crash: WARNING: bad unlock balance in fault_dirty_shared_page, types: [LOCKDEP] # git bisect bad 88e2667632d43928d3ed50d0163ecd73aaa2d455 Bisecting: 0 revisions left to test after this (roughly 0 steps) [51c4fdc72be2287960ab5c1f5beae84f3039fd01] mm: handle swap and NUMA PTE faults under the VMA lock testing commit 51c4fdc72be2287960ab5c1f5beae84f3039fd01 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3c00b64a2ecbf406db133d66bb28faf12855bcfcc2869cf6be0759808ce4ffbe all runs: OK false negative chance: 0.000 # git bisect good 51c4fdc72be2287960ab5c1f5beae84f3039fd01 88e2667632d43928d3ed50d0163ecd73aaa2d455 is the first bad commit commit 88e2667632d43928d3ed50d0163ecd73aaa2d455 Author: Matthew Wilcox (Oracle) Date: Mon Jul 24 19:54:10 2023 +0100 mm: handle faults that merely update the accessed bit under the VMA lock Move FAULT_FLAG_VMA_LOCK check out of handle_pte_fault(). This should have a significant performance improvement for mmaped files. Write faults (on read-only shared pages) still take the mmap lock as we do not want to audit all the implementations of ->pfn_mkwrite() and ->page_mkwrite(). However write-faults on private mappings are handled under the VMA lock. Link: https://lkml.kernel.org/r/20230724185410.1124082-11-willy@infradead.org Signed-off-by: Matthew Wilcox (Oracle) Cc: Arjun Roy Cc: Eric Dumazet Cc: Punit Agrawal Cc: Suren Baghdasaryan Signed-off-by: Andrew Morton mm/memory.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) accumulated error probability: 0.00 culprit signature: 0c2952e02d2324e00d9b02ffab600f2efebf8e3ef52d750b7b4b9cb7ac464fba parent signature: 3c00b64a2ecbf406db133d66bb28faf12855bcfcc2869cf6be0759808ce4ffbe revisions tested: 22, total time: 5h25m18.437622147s (build: 2h56m51.75605414s, test: 2h13m11.089387419s) first bad commit: 88e2667632d43928d3ed50d0163ecd73aaa2d455 mm: handle faults that merely update the accessed bit under the VMA lock recipients (to): ["akpm@linux-foundation.org" "willy@infradead.org"] recipients (cc): [] crash: WARNING: bad unlock balance in fault_dirty_shared_page ===================================== WARNING: bad unlock balance detected! 6.5.0-rc4-syzkaller #0 Not tainted ------------------------------------- syz-executor.0/3374 is trying to release lock (&mm->mmap_lock) at: [] mmap_read_unlock include/linux/mmap_lock.h:173 [inline] [] maybe_unlock_mmap_for_io mm/internal.h:709 [inline] [] fault_dirty_shared_page+0x242/0x2b0 mm/memory.c:3003 but there are no more locks to release! other info that might help us debug this: 1 lock held by syz-executor.0/3374: #0: ffff888101b69498 (&vma->vm_lock->lock){....}-{3:3}, at: vma_start_read include/linux/mm.h:654 [inline] #0: ffff888101b69498 (&vma->vm_lock->lock){....}-{3:3}, at: lock_vma_under_rcu+0xe2/0x2d0 mm/memory.c:5461 stack backtrace: CPU: 0 PID: 3374 Comm: syz-executor.0 Not tainted 6.5.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x8e/0xf0 lib/dump_stack.c:106 __lock_release kernel/locking/lockdep.c:5438 [inline] lock_release+0x1fc/0x2c0 kernel/locking/lockdep.c:5781 up_read+0x16/0x20 kernel/locking/rwsem.c:1615 mmap_read_unlock include/linux/mmap_lock.h:173 [inline] maybe_unlock_mmap_for_io mm/internal.h:709 [inline] fault_dirty_shared_page+0x242/0x2b0 mm/memory.c:3003 wp_page_shared mm/memory.c:3323 [inline] do_wp_page+0x640/0x1c00 mm/memory.c:3392 handle_pte_fault mm/memory.c:5013 [inline] __handle_mm_fault+0x80a/0x1b10 mm/memory.c:5137 handle_mm_fault+0x39d/0x690 mm/memory.c:5302 do_user_addr_fault+0x21c/0xb10 arch/x86/mm/fault.c:1342 handle_page_fault arch/x86/mm/fault.c:1483 [inline] exc_page_fault+0x5d/0xb0 arch/x86/mm/fault.c:1539 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570 RIP: 0033:0x7f864cd80b1d Code: 00 66 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 83 fa 20 72 37 c5 fe 6f 06 48 83 fa 40 0f 87 b9 00 00 00 c5 fe 6f 4c 16 e0 fe 7f 07 c5 fe 7f 4c 17 e0 0f 01 d6 75 04 c5 f8 77 c3 c5 fc 77 RSP: 002b:00007ffdb78c4e58 EFLAGS: 00010283 RAX: 0000000020001240 RBX: 00007ffdb78c4f68 RCX: 00007f864c923000 RDX: 0000000000000020 RSI: 00007f864c923230 RDI: 0000000020001240 RBP: 0000000000000032 R08: 00007f864cd23000 R09: 00007f864cebef8c R10: 00007ffdb78c4f90 R11: 0000000000000246 R12: 00007f864c923210 R13: fffffffffffffffe R14: 00007f864c923000 R15: 00007f864c923218 ------------[ cut here ]------------ DEBUG_RWSEMS_WARN_ON(tmp < 0): count = 0xffffffffffffff00, magic = 0xffff888100066170, owner = 0x1, curr 0xffff888107e49b40, list empty WARNING: CPU: 0 PID: 3374 at kernel/locking/rwsem.c:1348 __up_read+0x190/0x210 kernel/locking/rwsem.c:1348 Modules linked in: CPU: 0 PID: 3374 Comm: syz-executor.0 Not tainted 6.5.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 RIP: 0010:__up_read+0x190/0x210 kernel/locking/rwsem.c:1348 Code: 8b 4b 68 48 39 c2 48 c7 c2 63 79 33 83 48 c7 c0 91 0b 35 83 48 0f 44 c2 48 8b 13 65 4c 8b 0c 25 80 c8 02 00 50 e8 c0 c9 f7 ff <0f> 0b 58 e9 51 ff ff ff 48 8b 57 58 48 8d 47 58 c6 05 5c 1e 7a 02 RSP: 0000:ffffc90001a0bcf8 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff888100066170 RCX: 0000000000000000 RDX: ffff888107e49b40 RSI: ffffffff8116e001 RDI: 0000000000000001 RBP: ffff888100066040 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 205d343733335420 R12: 0000000000000004 R13: 0000000000000001 R14: ffff8881036f5540 R15: ffff8881032d36d8 FS: 00005555565d5480(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020001240 CR3: 0000000105f9f000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: mmap_read_unlock include/linux/mmap_lock.h:173 [inline] maybe_unlock_mmap_for_io mm/internal.h:709 [inline] fault_dirty_shared_page+0x242/0x2b0 mm/memory.c:3003 wp_page_shared mm/memory.c:3323 [inline] do_wp_page+0x640/0x1c00 mm/memory.c:3392 handle_pte_fault mm/memory.c:5013 [inline] __handle_mm_fault+0x80a/0x1b10 mm/memory.c:5137 handle_mm_fault+0x39d/0x690 mm/memory.c:5302 do_user_addr_fault+0x21c/0xb10 arch/x86/mm/fault.c:1342 handle_page_fault arch/x86/mm/fault.c:1483 [inline] exc_page_fault+0x5d/0xb0 arch/x86/mm/fault.c:1539 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570 RIP: 0033:0x7f864cd80b1d Code: 00 66 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 83 fa 20 72 37 c5 fe 6f 06 48 83 fa 40 0f 87 b9 00 00 00 c5 fe 6f 4c 16 e0 fe 7f 07 c5 fe 7f 4c 17 e0 0f 01 d6 75 04 c5 f8 77 c3 c5 fc 77 RSP: 002b:00007ffdb78c4e58 EFLAGS: 00010283 RAX: 0000000020001240 RBX: 00007ffdb78c4f68 RCX: 00007f864c923000 RDX: 0000000000000020 RSI: 00007f864c923230 RDI: 0000000020001240 RBP: 0000000000000032 R08: 00007f864cd23000 R09: 00007f864cebef8c R10: 00007ffdb78c4f90 R11: 0000000000000246 R12: 00007f864c923210 R13: fffffffffffffffe R14: 00007f864c923000 R15: 00007f864c923218