bisecting fixing commit since a27fc14219f2e3c4a46ba9177b04d9b52c875532 building syzkaller on 829f023456746402c5e958e624a7cabf3bef2e30 testing commit a27fc14219f2e3c4a46ba9177b04d9b52c875532 with gcc (GCC) 8.1.0 kernel signature: a75cb4f6f7bc12adc418b701b1740366b961cb4e all runs: crashed: BUG: Bad rss-counter state testing current HEAD 9455d25f4e3b3d009fa1b810862e5b06229530e4 testing commit 9455d25f4e3b3d009fa1b810862e5b06229530e4 with gcc (GCC) 8.1.0 kernel signature: 5abb59011bdc1c1cbe51d1e1eb1351ba0e2d435d all runs: OK # git bisect start 9455d25f4e3b3d009fa1b810862e5b06229530e4 a27fc14219f2e3c4a46ba9177b04d9b52c875532 Bisecting: 67356 revisions left to test after this (roughly 16 steps) [d72cb8c7d9dbd9ce820c80f3fddb56b296ba96fc] Merge tag 'riscv-for-linus-5.1-mw0' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux testing commit d72cb8c7d9dbd9ce820c80f3fddb56b296ba96fc with gcc (GCC) 8.1.0 kernel signature: 0b326b0e7d28b8b995f16f8049ee7edd0fb2b8aa all runs: OK # git bisect bad d72cb8c7d9dbd9ce820c80f3fddb56b296ba96fc Bisecting: 33687 revisions left to test after this (roughly 15 steps) [7bacc01d3e597fb29d874e60eb2e0c6fd6f01ec0] Documentation: iavf: Prepare documentation for RST conversion testing commit 7bacc01d3e597fb29d874e60eb2e0c6fd6f01ec0 with gcc (GCC) 8.1.0 kernel signature: 95765450939a045cc1a5e2c7f45932ae2397cbca all runs: crashed: BUG: Bad rss-counter state # git bisect good 7bacc01d3e597fb29d874e60eb2e0c6fd6f01ec0 Bisecting: 16843 revisions left to test after this (roughly 14 steps) [f712a86c1406abf50b0dcff0500c723e2aca050a] perf python: Make sure the python binding output directory is in place testing commit f712a86c1406abf50b0dcff0500c723e2aca050a with gcc (GCC) 8.1.0 kernel signature: aef50d4d2db09cd0fb1038a3535f2e0e7e2212ad all runs: OK # git bisect bad f712a86c1406abf50b0dcff0500c723e2aca050a Bisecting: 8536 revisions left to test after this (roughly 13 steps) [044ee890286153a1aefb40cb8b6659921aecb38b] HID: input: simplify/fix high-res scroll event handling testing commit 044ee890286153a1aefb40cb8b6659921aecb38b with gcc (GCC) 8.1.0 kernel signature: ca80ee16700ce69aedf65ccfe56970670e2b4c3a run #0: crashed: BUG: Bad rss-counter state run #1: crashed: BUG: Bad rss-counter state run #2: crashed: BUG: Bad rss-counter state run #3: crashed: BUG: Bad rss-counter state run #4: crashed: BUG: Bad rss-counter state run #5: crashed: BUG: Bad rss-counter state run #6: crashed: BUG: Bad rss-counter state run #7: crashed: BUG: Bad rss-counter state run #8: crashed: BUG: Bad rss-counter state run #9: basic kernel testing failed: timed out # git bisect good 044ee890286153a1aefb40cb8b6659921aecb38b Bisecting: 4259 revisions left to test after this (roughly 12 steps) [d48f782e4fb20dc7ec935ca0ca41ae31e4a69362] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net testing commit d48f782e4fb20dc7ec935ca0ca41ae31e4a69362 with gcc (GCC) 8.1.0 kernel signature: d738165354e48c88837403e119a4decb5d917153 all runs: OK # git bisect bad d48f782e4fb20dc7ec935ca0ca41ae31e4a69362 Bisecting: 2138 revisions left to test after this (roughly 11 steps) [6444ccfd699cda8db5edaac7fa469d6a29aa9a47] Merge branch 'for-4.20' of git://git.kernel.org/pub/scm/linux/kernel/git/dennis/percpu testing commit 6444ccfd699cda8db5edaac7fa469d6a29aa9a47 with gcc (GCC) 8.1.0 kernel signature: ab88e6fb816b077a8d9999651484e34ae081291b all runs: crashed: BUG: Bad rss-counter state # git bisect good 6444ccfd699cda8db5edaac7fa469d6a29aa9a47 Bisecting: 1066 revisions left to test after this (roughly 10 steps) [f2ce1065e767fc7da106a5f5381d1e8f842dc6f4] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net testing commit f2ce1065e767fc7da106a5f5381d1e8f842dc6f4 with gcc (GCC) 8.1.0 kernel signature: 34d947eb78e3f470cd3a956951c9ac7e4e2234a6 all runs: crashed: BUG: Bad rss-counter state # git bisect good f2ce1065e767fc7da106a5f5381d1e8f842dc6f4 Bisecting: 540 revisions left to test after this (roughly 9 steps) [da59f180d529fc78591e71acf2c67114b8eff10d] Merge tag 'mtd/fixes-for-4.20-rc5' of git://git.infradead.org/linux-mtd testing commit da59f180d529fc78591e71acf2c67114b8eff10d with gcc (GCC) 8.1.0 kernel signature: 14175428df7db3f0caad9b6e50674052f50da3e3 all runs: crashed: BUG: Bad rss-counter state # git bisect good da59f180d529fc78591e71acf2c67114b8eff10d Bisecting: 268 revisions left to test after this (roughly 8 steps) [7e40b56c776f75a35838360bf6360e2aa9311f92] Merge branch 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm testing commit 7e40b56c776f75a35838360bf6360e2aa9311f92 with gcc (GCC) 8.1.0 kernel signature: a8b518c1ee60554a734e1a142fe4924a1651eeeb all runs: OK # git bisect bad 7e40b56c776f75a35838360bf6360e2aa9311f92 Bisecting: 132 revisions left to test after this (roughly 7 steps) [4b78317679c4f3782a3cff0ddb269c1fcfde7621] Merge branch 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 4b78317679c4f3782a3cff0ddb269c1fcfde7621 with gcc (GCC) 8.1.0 kernel signature: 019127adb5be13c799e9f4cf4f3234835e777ade all runs: OK # git bisect bad 4b78317679c4f3782a3cff0ddb269c1fcfde7621 Bisecting: 69 revisions left to test after this (roughly 6 steps) [06a5e1268a5fb9c2b346a3da6b97e85f2eba0f07] mm/khugepaged: collapse_shmem() do not crash on Compound testing commit 06a5e1268a5fb9c2b346a3da6b97e85f2eba0f07 with gcc (GCC) 8.1.0 kernel signature: 87be3024279394389808b916b5a5c920daa57c4a all runs: OK # git bisect bad 06a5e1268a5fb9c2b346a3da6b97e85f2eba0f07 Bisecting: 36 revisions left to test after this (roughly 5 steps) [d7aca8a78c8bc5d3707691aab13cb4f7f6de696f] Merge tag 'driver-core-4.20-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core testing commit d7aca8a78c8bc5d3707691aab13cb4f7f6de696f with gcc (GCC) 8.1.0 kernel signature: 3506431fba31ec78c5fc7de4e1d8f0f9ca5bb23b all runs: crashed: BUG: Bad rss-counter state # git bisect good d7aca8a78c8bc5d3707691aab13cb4f7f6de696f Bisecting: 18 revisions left to test after this (roughly 4 steps) [5618cf031fecda63847cafd1091e7b8bd626cdb1] lib/test_kmod.c: fix rmmod double free testing commit 5618cf031fecda63847cafd1091e7b8bd626cdb1 with gcc (GCC) 8.1.0 kernel signature: 00c43c67611c0bdb66cdcd1ed7e4ecd7bb166536 all runs: crashed: BUG: Bad rss-counter state # git bisect good 5618cf031fecda63847cafd1091e7b8bd626cdb1 Bisecting: 9 revisions left to test after this (roughly 3 steps) [903e8ff86753e6f327bb92166a0665e4ecb8e2e7] kernel/kcov.c: mark funcs in __sanitizer_cov_trace_pc() as notrace testing commit 903e8ff86753e6f327bb92166a0665e4ecb8e2e7 with gcc (GCC) 8.1.0 kernel signature: f4f50f890f109d94f70832a12eff472f4490de1d all runs: crashed: BUG: Bad rss-counter state # git bisect good 903e8ff86753e6f327bb92166a0665e4ecb8e2e7 Bisecting: 4 revisions left to test after this (roughly 2 steps) [701270fa193aadf00bdcf607738f64997275d4c7] mm/khugepaged: collapse_shmem() stop if punched or truncated testing commit 701270fa193aadf00bdcf607738f64997275d4c7 with gcc (GCC) 8.1.0 kernel signature: d537d9cef3c0431bf90386ec8b0e996abca7019e all runs: OK # git bisect bad 701270fa193aadf00bdcf607738f64997275d4c7 Bisecting: 2 revisions left to test after this (roughly 1 step) [906f9cdfc2a0800f13683f9e4ebdfd08c12ee81b] mm/huge_memory: rename freeze_page() to unmap_page() testing commit 906f9cdfc2a0800f13683f9e4ebdfd08c12ee81b with gcc (GCC) 8.1.0 kernel signature: 3d2144d638d30e81401a5d2e77775929dbad7651 all runs: crashed: BUG: Bad rss-counter state # git bisect good 906f9cdfc2a0800f13683f9e4ebdfd08c12ee81b Bisecting: 0 revisions left to test after this (roughly 1 step) [006d3ff27e884f80bd7d306b041afc415f63598f] mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() testing commit 006d3ff27e884f80bd7d306b041afc415f63598f with gcc (GCC) 8.1.0 kernel signature: 734477fb135868c95ddd5ab7d31d64c75c8931df all runs: OK # git bisect bad 006d3ff27e884f80bd7d306b041afc415f63598f Bisecting: 0 revisions left to test after this (roughly 0 steps) [173d9d9fd3ddae84c110fea8aedf1f26af6be9ec] mm/huge_memory: splitting set mapping+index before unfreeze testing commit 173d9d9fd3ddae84c110fea8aedf1f26af6be9ec with gcc (GCC) 8.1.0 kernel signature: da4b2a063098464f24a2410e42b08df90703bd44 all runs: OK # git bisect bad 173d9d9fd3ddae84c110fea8aedf1f26af6be9ec 173d9d9fd3ddae84c110fea8aedf1f26af6be9ec is the first bad commit commit 173d9d9fd3ddae84c110fea8aedf1f26af6be9ec Author: Hugh Dickins Date: Fri Nov 30 14:10:16 2018 -0800 mm/huge_memory: splitting set mapping+index before unfreeze Huge tmpfs stress testing has occasionally hit shmem_undo_range()'s VM_BUG_ON_PAGE(page_to_pgoff(page) != index, page). Move the setting of mapping and index up before the page_ref_unfreeze() in __split_huge_page_tail() to fix this: so that a page cache lookup cannot get a reference while the tail's mapping and index are unstable. In fact, might as well move them up before the smp_wmb(): I don't see an actual need for that, but if I'm missing something, this way round is safer than the other, and no less efficient. You might argue that VM_BUG_ON_PAGE(page_to_pgoff(page) != index, page) is misplaced, and should be left until after the trylock_page(); but left as is has not crashed since, and gives more stringent assurance. Link: http://lkml.kernel.org/r/alpine.LSU.2.11.1811261516380.2275@eggly.anvils Fixes: e9b61f19858a5 ("thp: reintroduce split_huge_page()") Requires: 605ca5ede764 ("mm/huge_memory.c: reorder operations in __split_huge_page_tail()") Signed-off-by: Hugh Dickins Acked-by: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Jerome Glisse Cc: Matthew Wilcox Cc: [4.8+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/huge_memory.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) kernel signature: da4b2a063098464f24a2410e42b08df90703bd44 previous signature: 3d2144d638d30e81401a5d2e77775929dbad7651 revisions tested: 20, total time: 4h9m23.360365485s (build: 1h40m45.856031148s, test: 2h25m41.543183653s) first good commit: 173d9d9fd3ddae84c110fea8aedf1f26af6be9ec mm/huge_memory: splitting set mapping+index before unfreeze cc: ["akpm@linux-foundation.org" "hughd@google.com" "jglisse@redhat.com" "khlebnikov@yandex-team.ru" "kirill.shutemov@linux.intel.com" "torvalds@linux-foundation.org" "willy@infradead.org"]