ci starts bisection 2024-01-25 21:21:53.963310582 +0000 UTC m=+9142.893970550 bisecting cause commit starting from 8bf1262c53f50fa91fe15d01e5ef5629db55313c building syzkaller on 1e153dc8b31e685ca8495576db4f8c077585e39c fetch other tags and check if the commit is present ensuring issue is reproducible on original commit 8bf1262c53f50fa91fe15d01e5ef5629db55313c testing commit 8bf1262c53f50fa91fe15d01e5ef5629db55313c gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 03dde6db40fd0f2229e100953328292ad8b3eebceb09c1cdac489150dc20e14b all runs: crashed: possible deadlock in __unmap_hugepage_range representative crash: possible deadlock in __unmap_hugepage_range, types: [LOCKDEP] check whether we can drop unnecessary instrumentation disabling configs for [BUG KASAN ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed testing commit 8bf1262c53f50fa91fe15d01e5ef5629db55313c gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: dd2517ae93b3d7b052f58e97eb5b3351d0d32854cb98528de661d821d90f8640 all runs: crashed: possible deadlock in __unmap_hugepage_range representative crash: possible deadlock in __unmap_hugepage_range, types: [LOCKDEP] the bug reproduces without the instrumentation disabling configs for [HANG LEAK UBSAN BUG KASAN ATOMIC_SLEEP], they are not needed kconfig minimization: base=3923 full=7699 leaves diff=2021 split chunks (needed=false): <2021> split chunk #0 of len 2021 into 5 parts testing without sub-chunk 1/5 disabling configs for [UBSAN BUG KASAN ATOMIC_SLEEP HANG LEAK], they are not needed testing commit 8bf1262c53f50fa91fe15d01e5ef5629db55313c gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d5566c669957b9027d4964e088aac53f9e82cfd1fd710347eef15a2caf129d22 all runs: crashed: possible deadlock in __unmap_hugepage_range representative crash: possible deadlock in __unmap_hugepage_range, types: [LOCKDEP] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [LEAK UBSAN BUG KASAN ATOMIC_SLEEP HANG], they are not needed testing commit 8bf1262c53f50fa91fe15d01e5ef5629db55313c gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ea4e6c7acf569d349256c06f21b135a2ca35a31d92a12b52bf685e0f14f61759 all runs: crashed: possible deadlock in __unmap_hugepage_range representative crash: possible deadlock in __unmap_hugepage_range, types: [LOCKDEP] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [HANG LEAK UBSAN BUG KASAN ATOMIC_SLEEP], they are not needed testing commit 8bf1262c53f50fa91fe15d01e5ef5629db55313c gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: f9c8b83a0398b70d36610098189cda0cfd48b6e1f3b5b10613769fd2ae7c2a17 all runs: crashed: possible deadlock in __unmap_hugepage_range representative crash: possible deadlock in __unmap_hugepage_range, types: [LOCKDEP] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [UBSAN BUG KASAN ATOMIC_SLEEP HANG LEAK], they are not needed testing commit 8bf1262c53f50fa91fe15d01e5ef5629db55313c gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a523540be2b314c79f20ffb0f4e7a4d1834b4c11712fe2eaf6d5ce76dcf71f19 all runs: OK false negative chance: 0.000 testing without sub-chunk 5/5 disabling configs for [BUG KASAN ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed testing commit 8bf1262c53f50fa91fe15d01e5ef5629db55313c gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 2ad71c986624a0cb4ae418993969a93b0f5503c86f4337e33b1e0d805734699e all runs: crashed: possible deadlock in __unmap_hugepage_range representative crash: possible deadlock in __unmap_hugepage_range, types: [LOCKDEP] the chunk can be dropped minimized to 405 configs; suspects: [AF_RXRPC ARCH_ENABLE_MEMORY_HOTREMOVE ATM AX25 CALL_PADDING CFG80211 CMA DAX DLM DVB_CORE ENCRYPTED_KEYS EXTCON GENEVE GPIOLIB HAMRADIO HAVE_CLK HID_SENSOR_HUB HID_SMARTJOYPLUS HID_THRUSTMASTER IIO INFINIBAND INFINIBAND_ADDR_TRANS INFINIBAND_IPOIB INFINIBAND_USER_ACCESS INFINIBAND_VIRT_DMA INPUT_TABLET INPUT_TOUCHSCREEN IP_SCTP L2TP LIBNVDIMM MEDIA_COMMON_OPTIONS MEDIA_DIGITAL_TV_SUPPORT MEDIA_RADIO_SUPPORT MEDIA_SDR_SUPPORT MEDIA_SUPPORT MEDIA_USB_SUPPORT MEMORY_HOTPLUG MEMORY_HOTREMOVE MFD_DLN2 MFD_RETU MMC MTD MTD_UBI NETFILTER_ADVANCED NETFILTER_CONNCOUNT NET_IPGRE NET_IPGRE_DEMUX NFS_V4_1 NF_CONNTRACK_SNMP NF_NAT_SNMP_BASIC NF_NAT_TFTP NF_SOCKET_IPV4 NF_SOCKET_IPV6 NF_TABLES NF_TABLES_ARP NF_TPROXY_IPV4 NF_TPROXY_IPV6 NILFS2_FS NLMON NLS_CODEPAGE_1250 NLS_CODEPAGE_1251 NLS_CODEPAGE_737 NLS_CODEPAGE_775 NLS_CODEPAGE_850 NLS_CODEPAGE_852 NLS_CODEPAGE_855 NLS_CODEPAGE_857 NLS_CODEPAGE_860 NLS_CODEPAGE_861 NLS_CODEPAGE_862 NLS_CODEPAGE_863 NLS_CODEPAGE_864 NLS_CODEPAGE_865 NLS_CODEPAGE_866 NLS_CODEPAGE_869 NLS_CODEPAGE_874 NLS_CODEPAGE_932 NLS_CODEPAGE_936 NLS_CODEPAGE_949 NLS_CODEPAGE_950 NLS_ISO8859_13 NLS_ISO8859_14 NLS_ISO8859_15 NLS_ISO8859_2 NLS_ISO8859_3 NLS_ISO8859_4 NLS_ISO8859_5 NLS_ISO8859_6 NLS_ISO8859_7 NLS_ISO8859_8 NLS_ISO8859_9 NLS_KOI8_R NLS_KOI8_U NLS_MAC_CELTIC NLS_MAC_CENTEURO NLS_MAC_CROATIAN NLS_MAC_CYRILLIC NLS_MAC_GAELIC NLS_MAC_GREEK NLS_MAC_ICELAND NLS_MAC_INUIT NLS_MAC_ROMAN NLS_MAC_ROMANIAN NLS_MAC_TURKISH NLS_UCS2_UTILS NOP_USB_XCEIV NOZOMI NTFS3_FS NTFS3_FS_POSIX_ACL NTFS3_LZX_XPRESS NTFS_FS NTFS_RW NULL_TTY NUMA_BALANCING NUMA_BALANCING_DEFAULT_ENABLED NUMA_EMU NUMA_KEEP_MEMINFO NVDIMM_DAX NVDIMM_KEYS NVDIMM_PFN NVMEM_LAYOUTS NVME_CORE NVME_FABRICS NVME_FC NVME_MULTIPATH NVME_RDMA NVME_TARGET NVME_TARGET_FC NVME_TARGET_FCLOOP NVME_TARGET_LOOP NVME_TARGET_RDMA NVME_TARGET_TCP NVME_TCP N_GSM N_HDLC OCFS2_DEBUG_FS OCFS2_FS OCFS2_FS_O2CB OCFS2_FS_STATS OCFS2_FS_USERSPACE_CLUSTER OF_GPIO OF_PMEM OMFS_FS OPENVSWITCH OPENVSWITCH_GENEVE OPENVSWITCH_GRE OPENVSWITCH_VXLAN ORANGEFS_FS OSF_PARTITION OVERLAY_FS OVERLAY_FS_DEBUG OVERLAY_FS_INDEX OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW OVERLAY_FS_REDIRECT_DIR PACKET_DIAG PADATA PAGE_IDLE_FLAG PAGE_POOL PAGE_REPORTING PAHOLE_HAS_LANG_EXCLUDE PAHOLE_HAS_SPLIT_BTF PARPORT PARPORT_NOT_PC PARTITION_ADVANCED PCCARD PCCARD_NONSTATIC PCIEAER PCI_ENDPOINT PCI_IOV PCMCIA PCMCIA_LOAD_CIS PERCPU_STATS PERSISTENT_KEYRINGS PHONET PHYLINK PHY_CPCAP_USB PHY_QCOM_USB_HS PHY_QCOM_USB_HSIC PHY_SAMSUNG_USB2 PHY_TUSB1210 PKCS7_TEST_KEY PKCS8_PRIVATE_KEY_PARSER PM_CLK PNFS_BLOCK PNFS_FILE_LAYOUT PNFS_FLEXFILE_LAYOUT PPP PPPOATM PPPOE PPPOE_HASH_BITS_4 PPPOL2TP PPP_ASYNC PPP_BSDCOMP PPP_DEFLATE PPP_FILTER PPP_MPPE PPP_MULTILINK PPP_SYNC_TTY PPTP PREEMPT PREEMPT_NOTIFIERS PREFIX_SYMBOLS PRISM2_USB PROC_CHILDREN PSI PSTORE PSTORE_COMPRESS QCOM_QMI_HELPERS QNX4FS_FS QNX6FS_FS QRTR QRTR_TUN R8712U RADIO_ADAPTERS RADIO_SHARK RADIO_SHARK2 RADIO_TEA575X RAID6_PQ RAID_ATTRS RC_ATI_REMOTE RC_CORE RC_DEVICES RDMA_RXE RDMA_SIW RDS RDS_RDMA RDS_TCP READ_ONLY_THP_FOR_FS REALTEK_AUTOPM REED_SOLOMON REED_SOLOMON_DEC8 REGMAP REGMAP_I2C REGMAP_IRQ REGMAP_MMIO REGULATOR REGULATOR_TWL4030 REISERFS_FS REISERFS_FS_POSIX_ACL REISERFS_FS_SECURITY REISERFS_FS_XATTR REISERFS_PROC_INFO RESET_CONTROLLER RFKILL RFKILL_INPUT RFKILL_LEDS RMI4_2D_SENSOR RMI4_CORE RMI4_F03 RMI4_F03_SERIO RMI4_F11 RMI4_F12 RMI4_F30 ROMFS_BACKED_BY_BOTH ROMFS_FS ROMFS_ON_BLOCK ROMFS_ON_MTD ROSE RTC_DRV_HID_SENSOR_TIME RXKAD SCHED_CORE SCSI_FC_ATTRS SCSI_HPSA SCSI_ISCSI_ATTRS SCSI_LOGGING SCSI_NETLINK SCSI_SAS_ATA SCSI_SAS_ATTRS SCSI_SAS_LIBSAS SCSI_SCAN_ASYNC SCSI_SRP_ATTRS SCTP_COOKIE_HMAC_MD5 SCTP_COOKIE_HMAC_SHA1 SCTP_DEFAULT_COOKIE_HMAC_MD5 SECONDARY_TRUSTED_KEYRING SECURITY_INFINIBAND SECURITY_NETWORK_XFRM SERIAL_DEV_BUS SERIAL_DEV_CTRL_TTYPORT SERIAL_MCTRL_GPIO SGI_PARTITION SIGNATURE SIGNED_PE_FILE_VERIFICATION SLHC SLIP SLIP_COMPRESSED SLIP_MODE_SLIP6 SLIP_SMART SMARTJOYPLUS_FF SMBFS SMC SMC_DIAG SMSC_PHY SMS_SIANO_MDTV SMS_SIANO_RC SMS_USB_DRV SND SND_ALOOP SND_BCD2000 SND_CTL_FAST_LOOKUP SND_CTL_LED SND_DEBUG SND_DMA_SGBUF SND_DRIVERS SND_DUMMY SND_DYNAMIC_MINORS SND_HDA SND_HDA_CODEC_ANALOG SND_HDA_CODEC_CA0110 SND_HDA_CODEC_CA0132 SND_HDA_CODEC_CIRRUS SND_HDA_CODEC_CMEDIA SND_HDA_CODEC_CONEXANT SND_HDA_CODEC_HDMI SND_HDA_CODEC_REALTEK SND_HDA_CODEC_SI3054 SND_HDA_CODEC_SIGMATEL SND_HDA_CODEC_VIA SND_HDA_COMPONENT SND_HDA_CORE SND_HDA_GENERIC SND_HDA_GENERIC_LEDS SND_HDA_HWDEP SND_HDA_I915 SND_HDA_INPUT_BEEP SND_HDA_INTEL SND_HDA_PATCH_LOADER SND_HDA_RECONFIG SND_HRTIMER SND_HWDEP SND_INTEL_DSP_CONFIG SND_INTEL_NHLT SND_INTEL_SOUNDWIRE_ACPI SND_JACK SND_JACK_INPUT_DEV SND_MIXER_OSS SND_OSSEMUL SND_PCI SND_PCM SND_PCMCIA SND_PCM_OSS SND_PCM_OSS_PLUGINS SND_PCM_TIMER SND_PCM_XRUN_DEBUG SND_PROC_FS SND_RAWMIDI SND_SEQUENCER SND_SEQUENCER_OSS SND_SEQ_DEVICE SND_SEQ_DUMMY SND_SEQ_HRTIMER_DEFAULT SND_SEQ_MIDI SND_SEQ_MIDI_EVENT SND_SEQ_VIRMIDI SND_SUPPORT_OLD_API SND_TIMER SND_USB SND_USB_6FIRE SND_USB_AUDIO SND_USB_AUDIO_USE_MEDIA_CONTROLLER SND_USB_CAIAQ SND_USB_CAIAQ_INPUT SND_USB_HIFACE SND_USB_LINE6 SND_USB_POD SND_USB_PODHD SND_USB_TONEPORT SND_USB_UA101 SND_USB_US122L SND_USB_USX2Y SND_USB_VARIAX SND_VERBOSE_PROCFS SND_VIRMIDI SND_VIRTIO SND_VMASTER SND_X86 SOCK_VALIDATE_XMIT SOLARIS_X86_PARTITION SONY_FF SOUND SOUND_OSS_CORE SOUND_OSS_CORE_PRECLAIM SPI SPI_DLN2 SPI_DYNAMIC SPI_MASTER SQUASHFS SQUASHFS_4K_DEVBLK_SIZE SQUASHFS_COMPILE_DECOMP_SINGLE SQUASHFS_DECOMP_SINGLE SQUASHFS_FILE_DIRECT SQUASHFS_LZ4 SQUASHFS_LZO SQUASHFS_XATTR SQUASHFS_XZ SQUASHFS_ZLIB SQUASHFS_ZSTD SSB SSB_PCIHOST_POSSIBLE SSB_PCMCIAHOST_POSSIBLE SSB_SDIOHOST_POSSIBLE STAGING STP STREAM_PARSER SUNRPC_BACKCHANNEL SUN_PARTITION SW_SYNC SYSFB SYSV68_PARTITION SYSV_FS TABLET_USB_ACECAD TABLET_USB_AIPTEK TABLET_USB_HANWANG TABLET_USB_KBTAB TABLET_USB_PEGASUS TAHVO_USB TAHVO_USB_HOST_BY_DEFAULT TASKS_TRACE_RCU TCG_CRB TCG_TIS TCG_TIS_CORE TCG_TPM TCP_CONG_BBR TCP_CONG_BIC TCP_CONG_CDG TCP_CONG_DCTCP TCP_CONG_HSTCP TCP_CONG_HTCP TCP_CONG_HYBLA TCP_CONG_ILLINOIS TCP_CONG_LP TCP_CONG_NV TCP_CONG_SCALABLE TCP_CONG_VEGAS TCP_CONG_VENO TCP_CONG_WESTWOOD TCP_CONG_YEAH TEXTSEARCH TEXTSEARCH_BM TEXTSEARCH_FSM TEXTSEARCH_KMP THERMAL_NETLINK THP_SWAP THRUSTMASTER_FF TIPC TIPC_CRYPTO TIPC_DIAG TIPC_MEDIA_IB TIPC_MEDIA_UDP TLS TLS_TOE TMPFS_QUOTA TOUCHSCREEN_SUR40 TOUCHSCREEN_USB_3M TOUCHSCREEN_USB_COMPOSITE TOUCHSCREEN_USB_DMC_TSC10 TOUCHSCREEN_USB_E2I TOUCHSCREEN_USB_EASYTOUCH TOUCHSCREEN_USB_EGALAX TOUCHSCREEN_USB_ELO TOUCHSCREEN_USB_ETT_TC45USB TOUCHSCREEN_USB_ETURBO TOUCHSCREEN_USB_GENERAL_TOUCH TOUCHSCREEN_USB_GOTOP TOUCHSCREEN_USB_GUNZE TOUCHSCREEN_USB_IDEALTEK TOUCHSCREEN_USB_IRTOUCH TOUCHSCREEN_USB_ITM TOUCHSCREEN_USB_JASTEC TOUCHSCREEN_USB_NEXIO TOUCHSCREEN_USB_PANJIT TOUCHSCREEN_USB_ZYTRONIC TRANSPARENT_HUGEPAGE TRANSPARENT_HUGEPAGE_MADVISE TTPCI_EEPROM TTY_PRINTK TUN_VNET_CROSS_LE TWL4030_CORE TYPEC TYPEC_FUSB302 TYPEC_TCPCI TYPEC_TCPM TYPEC_TPS6598X TYPEC_UCSI UBIFS_ATIME_SUPPORT UBIFS_FS UBIFS_FS_ADVANCED_COMPR UBIFS_FS_LZO UBIFS_FS_SECURITY UBIFS_FS_XATTR UBIFS_FS_ZLIB UBIFS_FS_ZSTD UCSI_ACPI UDF_FS UDMABUF UFS_FS UFS_FS_WRITE UHID ULTRIX_PARTITION UNICODE UNIXWARE_DISKLABEL UNIX_DIAG USB4 USB4_NET USBIP_CORE USBIP_HOST USBIP_VHCI_HCD USBIP_VUDC USBPCWATCHDOG USB_ACM USB_ADUTUX USB_AIRSPY USB_ALI_M5632 USB_AN2720 USB_APPLEDISPLAY USB_ARMLINUX USB_BDC_UDC USB_BELKIN USB_C67X00_HCD USB_CATC USB_CDC_PHONET USB_CHAOSKEY USB_CHIPIDEA USB_CHIPIDEA_HOST USB_CHIPIDEA_PCI USB_CHIPIDEA_UDC USB_CONFIGFS USB_CONFIGFS_ACM USB_CONFIGFS_ECM USB_CONFIGFS_ECM_SUBSET USB_CONFIGFS_EEM USB_DWC2 USB_GADGET USB_MUSB_HDRC USB_NET_CDC_SUBSET USB_ROLE_SWITCH USB_STORAGE_REALTEK USB_ULPI_BUS USB_USBNET VIDEO_DEV VXLAN WIRELESS WLAN X86_HAVE_PAE ZONE_DEVICE] disabling configs for [KASAN ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed picked [v6.7 v6.6 v6.5 v6.3 v6.1 v5.19 v5.17 v5.15 v5.12 v5.9 v5.6 v5.3 v5.0 v4.19] out of 30 release tags testing release v6.7 testing commit 0dd3ee31125508cd67f7e7172247f05b7fd1753a gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 15cc0bb075314c6f9a48e358fd039bb10becd809ff1e22cce47c7ff97b7f7e56 all runs: OK false negative chance: 0.000 # git bisect start 8bf1262c53f50fa91fe15d01e5ef5629db55313c 0dd3ee31125508cd67f7e7172247f05b7fd1753a Bisecting: 8463 revisions left to test after this (roughly 13 steps) [ba5afb9a84df2e6b26a1b6389b98849cd16ea757] fs: rework listmount() implementation testing commit ba5afb9a84df2e6b26a1b6389b98849cd16ea757 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7bd21593efb99c4df9fb14a628ede91d9121e29d06302e5def55fca8087df203 all runs: OK false negative chance: 0.000 # git bisect good ba5afb9a84df2e6b26a1b6389b98849cd16ea757 Bisecting: 4255 revisions left to test after this (roughly 12 steps) [5d197e97fb106c09d3d013be341e5961fd70ec8a] Merge tag 'hsi-for-6.8' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-hsi testing commit 5d197e97fb106c09d3d013be341e5961fd70ec8a gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 99adf0649581d45cc3343dfd2cb9ba5afe4371c1c2fe595d2da9bab4215beb7e all runs: OK false negative chance: 0.000 # git bisect good 5d197e97fb106c09d3d013be341e5961fd70ec8a Bisecting: 2130 revisions left to test after this (roughly 11 steps) [a638bfbfa1f8e8fbf36d84679916c60c1382a2ef] Merge tag 'spi-fix-v6.8-merge-window' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi testing commit a638bfbfa1f8e8fbf36d84679916c60c1382a2ef gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: aa995caa016e4d09ffa653cb303fc7bac0eeafcae0facd61a5f89bff826a59ea all runs: OK false negative chance: 0.000 # git bisect good a638bfbfa1f8e8fbf36d84679916c60c1382a2ef Bisecting: 1065 revisions left to test after this (roughly 10 steps) [49bcd02df6e861a15daaaa421410131d76fe82da] Merge branch 'for-next' of git://github.com/Xilinx/linux-xlnx.git testing commit 49bcd02df6e861a15daaaa421410131d76fe82da gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 65c8ce9910d5e5771900c2d4beb6a48a82df0aeee6dc921b1963424a68d11e10 all runs: crashed: possible deadlock in __unmap_hugepage_range representative crash: possible deadlock in __unmap_hugepage_range, types: [LOCKDEP] # git bisect bad 49bcd02df6e861a15daaaa421410131d76fe82da Bisecting: 532 revisions left to test after this (roughly 9 steps) [26bbc9df1a64e0fc7142b5abfc6f31e5e03e4393] mm/mmap: introduce vma_range_init() testing commit 26bbc9df1a64e0fc7142b5abfc6f31e5e03e4393 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 93ad0ab3931986442c7daee5e84d92441202d417830b9fa5c205d1235123721b all runs: crashed: possible deadlock in __unmap_hugepage_range representative crash: possible deadlock in __unmap_hugepage_range, types: [LOCKDEP] # git bisect bad 26bbc9df1a64e0fc7142b5abfc6f31e5e03e4393 Bisecting: 289 revisions left to test after this (roughly 8 steps) [c25b24fa72c734f8cd6c31a13548013263b26286] Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi testing commit c25b24fa72c734f8cd6c31a13548013263b26286 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 049e2948e552cc4fd2e324b113ad012cfba495ea6e15a9a38c8f6972bc429d5b all runs: OK false negative chance: 0.000 # git bisect good c25b24fa72c734f8cd6c31a13548013263b26286 Bisecting: 139 revisions left to test after this (roughly 7 steps) [7a396820222d6d4c02057f41658b162bdcdadd0e] Merge tag 'v6.8-rc-part2-smb-client' of git://git.samba.org/sfrench/cifs-2.6 testing commit 7a396820222d6d4c02057f41658b162bdcdadd0e gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ba2811930758ee23f1c358eaa7012843833772a7939eba430d811dd303d7eae2 all runs: OK false negative chance: 0.000 # git bisect good 7a396820222d6d4c02057f41658b162bdcdadd0e Bisecting: 69 revisions left to test after this (roughly 6 steps) [4c137bc280640961ad1f26bb4375b2d6209761d1] uprobes: use pagesize-aligned virtual address when replacing pages testing commit 4c137bc280640961ad1f26bb4375b2d6209761d1 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 96e32aba83aaab023c2ac9dfb4b2eef9a29d5a54f2add905db378ba7e8c3b37b all runs: OK false negative chance: 0.000 # git bisect good 4c137bc280640961ad1f26bb4375b2d6209761d1 Bisecting: 34 revisions left to test after this (roughly 5 steps) [25ac2c4c536c984c67da3d026db7ec527df20cd6] mm: vmalloc: remove global vmap_area_root rb-tree testing commit 25ac2c4c536c984c67da3d026db7ec527df20cd6 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7a940fe6039c97e0d55fe849f3a23fcec6ab1a368122a0fcd633f9acee9ecddf all runs: crashed: possible deadlock in __unmap_hugepage_range representative crash: possible deadlock in __unmap_hugepage_range, types: [LOCKDEP] # git bisect bad 25ac2c4c536c984c67da3d026db7ec527df20cd6 Bisecting: 17 revisions left to test after this (roughly 4 steps) [2b749569615ea284ee3d277f8254be37817af3cc] selftests/mm: ksm_tests should only MADV_HUGEPAGE valid memory testing commit 2b749569615ea284ee3d277f8254be37817af3cc gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 755029f9c208fb2e8f50d1b926568e2ed351edece6cff61b59b8087af261e09e all runs: OK false negative chance: 0.000 # git bisect good 2b749569615ea284ee3d277f8254be37817af3cc Bisecting: 8 revisions left to test after this (roughly 3 steps) [184c8db9112ee2370c2d17efab76a6c2aad061bc] s390/sclp: remove unhandled memory notifier type testing commit 184c8db9112ee2370c2d17efab76a6c2aad061bc gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 40b2bd0daeba2acc7457445455f7126339b335bbb0d31e40276520307fd72e89 all runs: crashed: possible deadlock in __unmap_hugepage_range representative crash: possible deadlock in __unmap_hugepage_range, types: [LOCKDEP] # git bisect bad 184c8db9112ee2370c2d17efab76a6c2aad061bc Bisecting: 4 revisions left to test after this (roughly 2 steps) [be7a8289b10f82365b9a209d9db9e4aaab1a86d4] selftests/mm: run_vmtests.sh: add hugetlb_madv_vs_map testing commit be7a8289b10f82365b9a209d9db9e4aaab1a86d4 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d1b41ac2f7f0f462c3933f40dbd29e796bd69c380a10972157ba02938458fa95 all runs: crashed: possible deadlock in __unmap_hugepage_range representative crash: possible deadlock in __unmap_hugepage_range, types: [LOCKDEP] # git bisect bad be7a8289b10f82365b9a209d9db9e4aaab1a86d4 Bisecting: 1 revision left to test after this (roughly 1 step) [38c61fca93058635b533ad927c1d6529757424d3] mm: huge_memory: don't force huge page alignment on 32 bit testing commit 38c61fca93058635b533ad927c1d6529757424d3 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a012d488c79fa4cc47955742ed592351c0e76961f7320d23a21b0adca6660cad all runs: OK false negative chance: 0.000 # git bisect good 38c61fca93058635b533ad927c1d6529757424d3 Bisecting: 0 revisions left to test after this (roughly 0 steps) [947b031634e7af3d265275c26ec17e2f96fdb5a1] mm/hugetlb: restore the reservation if needed testing commit 947b031634e7af3d265275c26ec17e2f96fdb5a1 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 01349672a858b1b4743ff515187fa1da73641cc89aa7156ed9bb56d5ee0cbe40 all runs: crashed: possible deadlock in __unmap_hugepage_range representative crash: possible deadlock in __unmap_hugepage_range, types: [LOCKDEP] # git bisect bad 947b031634e7af3d265275c26ec17e2f96fdb5a1 947b031634e7af3d265275c26ec17e2f96fdb5a1 is the first bad commit commit 947b031634e7af3d265275c26ec17e2f96fdb5a1 Author: Breno Leitao Date: Wed Jan 17 09:10:57 2024 -0800 mm/hugetlb: restore the reservation if needed Currently there is a bug that a huge page could be stolen, and when the original owner tries to fault in it, it causes a page fault. You can achieve that by: 1) Creating a single page echo 1 > /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages 2) mmap() the page above with MAP_HUGETLB into (void *ptr1). * This will mark the page as reserved 3) touch the page, which causes a page fault and allocates the page * This will move the page out of the free list. * It will also unreserved the page, since there is no more free page 4) madvise(MADV_DONTNEED) the page * This will free the page, but not mark it as reserved. 5) Allocate a secondary page with mmap(MAP_HUGETLB) into (void *ptr2). * it should fail, but, since there is no more available page. * But, since the page above is not reserved, this mmap() succeed. 6) Faulting at ptr1 will cause a SIGBUS * it will try to allocate a huge page, but there is none available A full reproducer is in selftest. See https://lore.kernel.org/all/20240105155419.1939484-1-leitao@debian.org/ Fix this by restoring the reserved page if necessary. If the page being unmapped has HPAGE_RESV_OWNER set, and needs a reservation, set the restore_reserve flag, which will move the page from free to reserved. Link: https://lkml.kernel.org/r/20240117171058.2192286-1-leitao@debian.org Signed-off-by: Breno Leitao Suggested-by: Rik van Riel Cc: Lorenzo Stoakes Cc: Matthew Wilcox (Oracle) Cc: Muchun Song Cc: Rik van Riel Cc: Signed-off-by: Andrew Morton mm/hugetlb.c | 10 ++++++++++ 1 file changed, 10 insertions(+) accumulated error probability: 0.00 culprit signature: 01349672a858b1b4743ff515187fa1da73641cc89aa7156ed9bb56d5ee0cbe40 parent signature: a012d488c79fa4cc47955742ed592351c0e76961f7320d23a21b0adca6660cad revisions tested: 22, total time: 9h32m36.989461153s (build: 5h0m12.42797756s, test: 2h47m48.867036922s) first bad commit: 947b031634e7af3d265275c26ec17e2f96fdb5a1 mm/hugetlb: restore the reservation if needed recipients (to): ["akpm@linux-foundation.org" "akpm@linux-foundation.org" "leitao@debian.org" "linux-mm@kvack.org" "muchun.song@linux.dev"] recipients (cc): ["linux-kernel@vger.kernel.org"] crash: possible deadlock in __unmap_hugepage_range ====================================================== WARNING: possible circular locking dependency detected 6.8.0-rc1-syzkaller #0 Not tainted ------------------------------------------------------ syz-executor.0/2670 is trying to acquire lock: ffffffff833a7900 (fs_reclaim){+.+.}-{0:0}, at: might_alloc include/linux/sched/mm.h:303 [inline] ffffffff833a7900 (fs_reclaim){+.+.}-{0:0}, at: slab_pre_alloc_hook mm/slub.c:3761 [inline] ffffffff833a7900 (fs_reclaim){+.+.}-{0:0}, at: slab_alloc_node mm/slub.c:3842 [inline] ffffffff833a7900 (fs_reclaim){+.+.}-{0:0}, at: kmalloc_trace+0x57/0x350 mm/slub.c:4007 but task is already holding lock: ffff888101eba8d8 (ptlock_ptr(ptdesc)){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] ffff888101eba8d8 (ptlock_ptr(ptdesc)){+.+.}-{2:2}, at: huge_pte_lock include/linux/hugetlb.h:1232 [inline] ffff888101eba8d8 (ptlock_ptr(ptdesc)){+.+.}-{2:2}, at: __unmap_hugepage_range+0x14b/0x810 mm/hugetlb.c:5611 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (ptlock_ptr(ptdesc)){+.+.}-{2:2}: __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] pmd_lock include/linux/mm.h:3036 [inline] __split_huge_pmd+0xf5/0x1140 mm/huge_memory.c:2622 split_huge_pmd_address mm/huge_memory.c:2655 [inline] split_huge_pmd_if_needed mm/huge_memory.c:2667 [inline] split_huge_pmd_if_needed mm/huge_memory.c:2658 [inline] vma_adjust_trans_huge+0xdd/0x1a0 mm/huge_memory.c:2679 __split_vma+0x312/0x3f0 mm/mmap.c:2369 split_vma mm/mmap.c:2405 [inline] vma_modify+0x8b/0xd0 mm/mmap.c:2440 vma_modify_flags include/linux/mm.h:3283 [inline] mprotect_fixup+0xad/0x3d0 mm/mprotect.c:635 do_mprotect_pkey+0x30a/0x560 mm/mprotect.c:809 __do_sys_mprotect mm/mprotect.c:830 [inline] __se_sys_mprotect mm/mprotect.c:827 [inline] __x64_sys_mprotect+0x1a/0x20 mm/mprotect.c:827 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x84/0x180 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b -> #1 (&mapping->i_mmap_rwsem){++++}-{3:3}: down_write+0x29/0xb0 kernel/locking/rwsem.c:1579 i_mmap_lock_write include/linux/fs.h:512 [inline] dma_resv_lockdep+0x1b2/0x2e0 drivers/dma-buf/dma-resv.c:787 do_one_initcall+0x6b/0x300 init/main.c:1236 do_initcall_level init/main.c:1298 [inline] do_initcalls init/main.c:1314 [inline] do_basic_setup init/main.c:1333 [inline] kernel_init_freeable+0x250/0x3f0 init/main.c:1551 kernel_init+0x15/0x190 init/main.c:1441 ret_from_fork+0x2c/0x40 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242 -> #0 (fs_reclaim){+.+.}-{0:0}: check_prev_add kernel/locking/lockdep.c:3134 [inline] check_prevs_add kernel/locking/lockdep.c:3253 [inline] validate_chain kernel/locking/lockdep.c:3869 [inline] __lock_acquire+0x1293/0x1a70 kernel/locking/lockdep.c:5137 lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0xcd/0x2d0 kernel/locking/lockdep.c:5719 __fs_reclaim_acquire mm/page_alloc.c:3692 [inline] fs_reclaim_acquire+0x9d/0xd0 mm/page_alloc.c:3706 might_alloc include/linux/sched/mm.h:303 [inline] slab_pre_alloc_hook mm/slub.c:3761 [inline] slab_alloc_node mm/slub.c:3842 [inline] kmalloc_trace+0x57/0x350 mm/slub.c:4007 kmalloc include/linux/slab.h:590 [inline] allocate_file_region_entries+0x9a/0x1c0 mm/hugetlb.c:666 region_chg+0x57/0x80 mm/hugetlb.c:786 __vma_reservation_common+0x12b/0x250 mm/hugetlb.c:2832 vma_needs_reservation mm/hugetlb.c:2899 [inline] __unmap_hugepage_range+0x4f2/0x810 mm/hugetlb.c:5681 unmap_vmas+0xe7/0x1c0 mm/memory.c:1758 exit_mmap+0x100/0x470 mm/mmap.c:3277 __mmput+0x3a/0x110 kernel/fork.c:1343 exit_mm kernel/exit.c:569 [inline] do_exit+0x2fa/0xb90 kernel/exit.c:858 do_group_exit+0x32/0xa0 kernel/exit.c:1020 __do_sys_exit_group kernel/exit.c:1031 [inline] __se_sys_exit_group kernel/exit.c:1029 [inline] __x64_sys_exit_group+0x13/0x20 kernel/exit.c:1029 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x84/0x180 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b other info that might help us debug this: Chain exists of: fs_reclaim --> &mapping->i_mmap_rwsem --> ptlock_ptr(ptdesc) Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(ptlock_ptr(ptdesc)); lock(&mapping->i_mmap_rwsem); lock(ptlock_ptr(ptdesc)); lock(fs_reclaim); *** DEADLOCK *** 4 locks held by syz-executor.0/2670: #0: ffff888107b73620 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:146 [inline] #0: ffff888107b73620 (&mm->mmap_lock){++++}-{3:3}, at: exit_mmap+0x83/0x470 mm/mmap.c:3261 #1: ffff8881073898e8 (&resv_map->rw_sema){++++}-{3:3}, at: __hugetlb_zap_begin+0x7b/0xa0 mm/hugetlb.c:5724 #2: ffff888101ac4ce8 (&hugetlbfs_i_mmap_rwsem_key){+.+.}-{3:3}, at: hugetlb_zap_begin include/linux/hugetlb.h:258 [inline] #2: ffff888101ac4ce8 (&hugetlbfs_i_mmap_rwsem_key){+.+.}-{3:3}, at: unmap_vmas+0x132/0x1c0 mm/memory.c:1757 #3: ffff888101eba8d8 (ptlock_ptr(ptdesc)){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] #3: ffff888101eba8d8 (ptlock_ptr(ptdesc)){+.+.}-{2:2}, at: huge_pte_lock include/linux/hugetlb.h:1232 [inline] #3: ffff888101eba8d8 (ptlock_ptr(ptdesc)){+.+.}-{2:2}, at: __unmap_hugepage_range+0x14b/0x810 mm/hugetlb.c:5611 stack backtrace: CPU: 0 PID: 2670 Comm: syz-executor.0 Not tainted 6.8.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x5c/0xb0 lib/dump_stack.c:106 check_noncircular+0x118/0x130 kernel/locking/lockdep.c:2187 check_prev_add kernel/locking/lockdep.c:3134 [inline] check_prevs_add kernel/locking/lockdep.c:3253 [inline] validate_chain kernel/locking/lockdep.c:3869 [inline] __lock_acquire+0x1293/0x1a70 kernel/locking/lockdep.c:5137 lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0xcd/0x2d0 kernel/locking/lockdep.c:5719 __fs_reclaim_acquire mm/page_alloc.c:3692 [inline] fs_reclaim_acquire+0x9d/0xd0 mm/page_alloc.c:3706 might_alloc include/linux/sched/mm.h:303 [inline] slab_pre_alloc_hook mm/slub.c:3761 [inline] slab_alloc_node mm/slub.c:3842 [inline] kmalloc_trace+0x57/0x350 mm/slub.c:4007 kmalloc include/linux/slab.h:590 [inline] allocate_file_region_entries+0x9a/0x1c0 mm/hugetlb.c:666 region_chg+0x57/0x80 mm/hugetlb.c:786 __vma_reservation_common+0x12b/0x250 mm/hugetlb.c:2832 vma_needs_reservation mm/hugetlb.c:2899 [inline] __unmap_hugepage_range+0x4f2/0x810 mm/hugetlb.c:5681 unmap_vmas+0xe7/0x1c0 mm/memory.c:1758 exit_mmap+0x100/0x470 mm/mmap.c:3277 __mmput+0x3a/0x110 kernel/fork.c:1343 exit_mm kernel/exit.c:569 [inline] do_exit+0x2fa/0xb90 kernel/exit.c:858 do_group_exit+0x32/0xa0 kernel/exit.c:1020 __do_sys_exit_group kernel/exit.c:1031 [inline] __se_sys_exit_group kernel/exit.c:1029 [inline] __x64_sys_exit_group+0x13/0x20 kernel/exit.c:1029 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x84/0x180 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b RIP: 0033:0x7f3c0687cda9 Code: Unable to access opcode bytes at 0x7f3c0687cd7f. RSP: 002b:00007ffcec5f6f98 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f3c0687cda9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000001 R08: 00007f3c069abf8c R09: 0000000000000000 R10: 0000001b30e60000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000