ci starts bisection 2023-02-04 07:36:50.742693917 +0000 UTC m=+61965.325179686 bisecting cause commit starting from 4fafd96910add124586b549ad005dcd179de8a18 building syzkaller on 1b2f701aa9a17abb7e27c7c1170d26398febf247 ensuring issue is reproducible on original commit 4fafd96910add124586b549ad005dcd179de8a18 testing commit 4fafd96910add124586b549ad005dcd179de8a18 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: b81204766abd10b6413ac046c93480b65a55306824b4ff241c9edec4c151ea90 run #0: crashed: kernel BUG in __tlb_remove_page_size run #1: crashed: BUG: Bad rss-counter state run #2: crashed: general protection fault in free_swap_cache run #3: crashed: BUG: Bad rss-counter state run #4: crashed: BUG: Bad rss-counter state run #5: crashed: general protection fault in __skb_try_recv_from_queue run #6: crashed: BUG: Bad rss-counter state run #7: crashed: BUG: Bad rss-counter state run #8: crashed: kernel BUG in __tlb_remove_page_size run #9: crashed: kernel BUG in __tlb_remove_page_size run #10: crashed: KASAN: null-ptr-deref Read in khugepaged_enter_vma run #11: crashed: BUG: Bad rss-counter state run #12: crashed: kernel BUG in __tlb_remove_page_size run #13: crashed: kernel BUG in __tlb_remove_page_size run #14: crashed: kernel BUG in __tlb_remove_page_size run #15: crashed: BUG: corrupted list in icmp6_dst_alloc run #16: crashed: kernel BUG in __tlb_remove_page_size run #17: crashed: kernel BUG in __tlb_remove_page_size run #18: crashed: kernel BUG in __tlb_remove_page_size run #19: crashed: kernel BUG in __tlb_remove_page_size testing release v6.1 testing commit 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f46680f09de87092b91d00c00383473576884ef838a9fd21339ffdb5a4b70562 all runs: OK # git bisect start 4fafd96910add124586b549ad005dcd179de8a18 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 Bisecting: 13281 revisions left to test after this (roughly 14 steps) [a6e3e6f138058ff184d8ef5064a033b3f5fee8f8] Merge tag 'mm-nonmm-stable-2022-12-17-20-32' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm testing commit a6e3e6f138058ff184d8ef5064a033b3f5fee8f8 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: e13f0bfd7c31df1009c910981d5e3db5b8d80735cb3da1ce976488b6bb9fe4cb all runs: OK # git bisect good a6e3e6f138058ff184d8ef5064a033b3f5fee8f8 Bisecting: 6654 revisions left to test after this (roughly 13 steps) [46577ef6af4501f2b1c386249bc1f5d31897523e] Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/teigland/linux-dlm.git testing commit 46577ef6af4501f2b1c386249bc1f5d31897523e gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f523d262619389a26387e019780e006e5723746c9f44a7dbe36e091e09f14b24 all runs: OK # git bisect good 46577ef6af4501f2b1c386249bc1f5d31897523e Bisecting: 3308 revisions left to test after this (roughly 12 steps) [ee7c03394ee7cca0553da02f0183c80bc67d0437] Merge branch 'for-mfd-next' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd.git testing commit ee7c03394ee7cca0553da02f0183c80bc67d0437 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 8202b7b3910aba5a4cffed8744fea94f0165e8227c3b5465ced73699b4630ffe run #0: crashed: BUG: Bad rss-counter state run #1: crashed: kernel BUG in __tlb_remove_page_size run #2: crashed: kernel BUG in __tlb_remove_page_size run #3: crashed: BUG: Bad rss-counter state run #4: crashed: BUG: Bad rss-counter state run #5: crashed: BUG: Bad rss-counter state run #6: crashed: kernel BUG in __tlb_remove_page_size run #7: crashed: kernel BUG in __tlb_remove_page_size run #8: crashed: BUG: Bad rss-counter state run #9: crashed: BUG: Bad rss-counter state # git bisect bad ee7c03394ee7cca0553da02f0183c80bc67d0437 Bisecting: 2025 revisions left to test after this (roughly 11 steps) [15a574485700eac3b8611770d69a809b09cc8529] Merge tag 'drm-intel-gt-next-2023-02-01' of git://anongit.freedesktop.org/drm/drm-intel into drm-next testing commit 15a574485700eac3b8611770d69a809b09cc8529 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 58f59ecf7e280b549a3e6d8a5313996e2efde17b6d0179efd8ce667dd2113bb5 all runs: OK # git bisect good 15a574485700eac3b8611770d69a809b09cc8529 Bisecting: 1012 revisions left to test after this (roughly 10 steps) [028fb19c6ba743ed308ba99ac325afa968795e0f] netlink: provide an ability to set default extack message testing commit 028fb19c6ba743ed308ba99ac325afa968795e0f gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 2f3d5a07a4545f353db4f37f6df847dff32c7cd3cd444dcb08e2900700fadd5e all runs: OK # git bisect good 028fb19c6ba743ed308ba99ac325afa968795e0f Bisecting: 370 revisions left to test after this (roughly 9 steps) [7f5c9ff883663a058ded436e08a0dd52f88ef1c6] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git testing commit 7f5c9ff883663a058ded436e08a0dd52f88ef1c6 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: be80147d2c0807de2a8aa2f3fff47e775aaf67f939af70f9fa80ee613ac7a40e all runs: OK # git bisect good 7f5c9ff883663a058ded436e08a0dd52f88ef1c6 Bisecting: 218 revisions left to test after this (roughly 8 steps) [4020ab1690f0a4bb97da7a9d8c71869ca3aae602] Merge branch 'for-6.3/block' into for-next testing commit 4020ab1690f0a4bb97da7a9d8c71869ca3aae602 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: a89eb2b8836a19775149cdff3d31d506ff9de940012648d0a3bc114ed2ad3db6 run #0: crashed: BUG: Bad rss-counter state run #1: crashed: BUG: non-zero pgtables_bytes on freeing mm: NUM run #2: crashed: BUG: Bad rss-counter state run #3: crashed: kernel BUG in __tlb_remove_page_size run #4: crashed: kernel BUG in __tlb_remove_page_size run #5: crashed: kernel BUG in __tlb_remove_page_size run #6: crashed: BUG: Bad rss-counter state run #7: crashed: kernel BUG in __tlb_remove_page_size run #8: crashed: BUG: Bad rss-counter state run #9: crashed: kernel BUG in __tlb_remove_page_size # git bisect bad 4020ab1690f0a4bb97da7a9d8c71869ca3aae602 Bisecting: 79 revisions left to test after this (roughly 6 steps) [0360f0d54226bb6be13cd3e2f1518907d7565f03] mm: move FOLL_PIN debug accounting under CONFIG_DEBUG_VM testing commit 0360f0d54226bb6be13cd3e2f1518907d7565f03 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 6b13e18a4a2987eb4efa0ab1a2f7eb5a003142043d055129736d69bf6c53a60e run #0: crashed: BUG: Bad rss-counter state run #1: crashed: BUG: Bad rss-counter state run #2: crashed: kernel BUG in __tlb_remove_page_size run #3: crashed: BUG: Bad rss-counter state run #4: crashed: BUG: Bad rss-counter state run #5: crashed: kernel BUG in __tlb_remove_page_size run #6: crashed: WARNING in aa_file_perm run #7: crashed: kernel BUG in __tlb_remove_page_size run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in rcu_core run #9: crashed: kernel BUG in __tlb_remove_page_size # git bisect bad 0360f0d54226bb6be13cd3e2f1518907d7565f03 Bisecting: 35 revisions left to test after this (roughly 5 steps) [5f2779dfa7b8cc7dfd4a1b6586d86e0d193266f3] blk-iocost: avoid 64-bit division in ioc_timer_fn testing commit 5f2779dfa7b8cc7dfd4a1b6586d86e0d193266f3 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: fb5756dff6dfae8b4c3ed2796b1406632458688aab4613364deafb61380aed4d all runs: OK # git bisect good 5f2779dfa7b8cc7dfd4a1b6586d86e0d193266f3 Bisecting: 17 revisions left to test after this (roughly 4 steps) [0c3e09e8854bcd3f7c45de85007ed283342b3464] block, bfq: correctly raise inject limit in bfq_choose_bfqq_for_injection testing commit 0c3e09e8854bcd3f7c45de85007ed283342b3464 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 7c88890d024e37ded887e8f7d4eb34a3840369927b728545c2599750b29c0fa8 all runs: OK # git bisect good 0c3e09e8854bcd3f7c45de85007ed283342b3464 Bisecting: 9 revisions left to test after this (roughly 3 steps) [fd20d0c1852ebb3f37ec7101feb0cdd8695f32a5] block: convert bio_map_user_iov to use iov_iter_extract_pages testing commit fd20d0c1852ebb3f37ec7101feb0cdd8695f32a5 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 01a53b215c40e42e018715f76f303532e4c020fe91e8784dfa0c3cb0c7ad843b run #0: crashed: kernel BUG in __tlb_remove_page_size run #1: crashed: BUG: Bad rss-counter state run #2: crashed: BUG: corrupted list in icmp6_dst_alloc run #3: crashed: BUG: Bad rss-counter state run #4: crashed: BUG: Bad rss-counter state run #5: crashed: BUG: Bad rss-counter state run #6: crashed: kernel BUG in __tlb_remove_page_size run #7: crashed: kernel BUG in __tlb_remove_page_size run #8: crashed: BUG: Bad rss-counter state run #9: crashed: BUG: Bad rss-counter state # git bisect bad fd20d0c1852ebb3f37ec7101feb0cdd8695f32a5 Bisecting: 3 revisions left to test after this (roughly 2 steps) [0d68ca6a7334e9c3294efc6d8ead9a54cd0554ce] block: Fix bio_flagged() so that gcc can better optimise it testing commit 0d68ca6a7334e9c3294efc6d8ead9a54cd0554ce gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 87e4982942de92a858309afd6dfc9d0d9c92a5e74f715a2016c6e43eb8514391 all runs: OK # git bisect good 0d68ca6a7334e9c3294efc6d8ead9a54cd0554ce Bisecting: 1 revision left to test after this (roughly 1 step) [239a8cba3fa90144913e61efcc61ee62472603a7] block: Add BIO_PAGE_PINNED and associated infrastructure testing commit 239a8cba3fa90144913e61efcc61ee62472603a7 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 94f547978a89f61f0b903ddd522acbcb847dab5069a09d3a803a2300360edafa all runs: OK # git bisect good 239a8cba3fa90144913e61efcc61ee62472603a7 Bisecting: 0 revisions left to test after this (roughly 0 steps) [920756a3306a35f1c08f25207d375885bef98975] block: Convert bio_iov_iter_get_pages to use iov_iter_extract_pages testing commit 920756a3306a35f1c08f25207d375885bef98975 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 9f1ef7d911562c365ec504d15ac58024a5f6600d02e8db3befbc17119cf539dc run #0: crashed: kernel BUG in __tlb_remove_page_size run #1: crashed: BUG: Bad rss-counter state run #2: crashed: BUG: Bad rss-counter state run #3: crashed: general protection fault in unlink_anon_vmas run #4: crashed: kernel BUG in validate_mm_mt run #5: crashed: BUG: corrupted list in icmp6_dst_alloc run #6: crashed: BUG: corrupted list in ip6_dst_destroy run #7: crashed: BUG: Bad rss-counter state run #8: crashed: BUG: Bad rss-counter state run #9: crashed: BUG: Bad rss-counter state # git bisect bad 920756a3306a35f1c08f25207d375885bef98975 920756a3306a35f1c08f25207d375885bef98975 is the first bad commit commit 920756a3306a35f1c08f25207d375885bef98975 Author: David Howells Date: Sat Jan 21 13:51:18 2023 +0100 block: Convert bio_iov_iter_get_pages to use iov_iter_extract_pages This will pin pages or leave them unaltered rather than getting a ref on them as appropriate to the iterator. The pages need to be pinned for DIO rather than having refs taken on them to prevent VM copy-on-write from malfunctioning during a concurrent fork() (the result of the I/O could otherwise end up being affected by/visible to the child process). Signed-off-by: David Howells Reviewed-by: Christoph Hellwig Reviewed-by: John Hubbard cc: Al Viro cc: Jens Axboe cc: Jan Kara cc: Matthew Wilcox cc: Logan Gunthorpe cc: linux-block@vger.kernel.org block/bio.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) culprit signature: 9f1ef7d911562c365ec504d15ac58024a5f6600d02e8db3befbc17119cf539dc parent signature: 94f547978a89f61f0b903ddd522acbcb847dab5069a09d3a803a2300360edafa revisions tested: 16, total time: 5h30m27.046939834s (build: 3h14m22.431784384s, test: 2h13m8.360344609s) first bad commit: 920756a3306a35f1c08f25207d375885bef98975 block: Convert bio_iov_iter_get_pages to use iov_iter_extract_pages recipients (to): ["dhowells@redhat.com" "hch@lst.de" "jhubbard@nvidia.com"] recipients (cc): [] crash: BUG: Bad rss-counter state BUG: Bad rss-counter state mm:ffff88801c1e2bc0 type:MM_ANONPAGES val:1 BUG: non-zero pgtables_bytes on freeing mm: 8192