ci2 starts bisection 2023-05-03 01:25:03.621935104 +0000 UTC m=+12611.531476673
bisecting cause commit starting from 865fdb08197e657c59e74a35fa32362b12397f58
building syzkaller on 52d40fd252bb12a2d5ec5573ce4d03b63682dfdc
ensuring issue is reproducible on original commit 865fdb08197e657c59e74a35fa32362b12397f58
testing commit 865fdb08197e657c59e74a35fa32362b12397f58 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: dd7f62e6dee079b169e6851fcabc8008051eb5d62470f8107484a7d3eb1a4a41
all runs: crashed: KASAN: null-ptr-deref Read in filemap_fault
testing release v6.3
testing commit 457391b0380335d5e9a5babdec90ac53928b23b4 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 76187bb42d58ecef38a5d01f95d94fd9d683f2169751c1b4f944d788a8e785f4
all runs: OK
# git bisect start 865fdb08197e657c59e74a35fa32362b12397f58 457391b0380335d5e9a5babdec90ac53928b23b4
Bisecting: 6780 revisions left to test after this (roughly 13 steps)
[b68ee1c6131c540a62ecd443be89c406401df091] Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
testing commit b68ee1c6131c540a62ecd443be89c406401df091 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c855997e6c89bcb36ac9aa1483128de5fe03ab82827a8e9876ada693327834db
all runs: OK
# git bisect good b68ee1c6131c540a62ecd443be89c406401df091
Bisecting: 3393 revisions left to test after this (roughly 12 steps)
[725a345b2ee3c24f9ac2078eb73667e22a1b7214] Merge tag 'fbdev-for-6.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev
testing commit 725a345b2ee3c24f9ac2078eb73667e22a1b7214 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d2493bddffd01e23ef72f86756aa9422ad1d0056ab813058dc38b905406d6279
all runs: OK
# git bisect good 725a345b2ee3c24f9ac2078eb73667e22a1b7214
Bisecting: 1705 revisions left to test after this (roughly 11 steps)
[7c339778f908875772c17f2e04ed731aac772881] Merge tag 'perf-core-2023-04-27' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit 7c339778f908875772c17f2e04ed731aac772881 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 7ede9387e3c908156258eb00839f79577ec7a1141d00ff2b59788622b000d353
all runs: crashed: KASAN: null-ptr-deref Read in filemap_fault
# git bisect bad 7c339778f908875772c17f2e04ed731aac772881
Bisecting: 832 revisions left to test after this (roughly 10 steps)
[cec24b8b6bb841a19b5c5555b600a511a8988100] Merge tag 'char-misc-6.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
testing commit cec24b8b6bb841a19b5c5555b600a511a8988100 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 768b68422c861aad1a8e8ed9df4a7e8f941319c55018acc4fa49455016855e97
all runs: OK
# git bisect good cec24b8b6bb841a19b5c5555b600a511a8988100
Bisecting: 461 revisions left to test after this (roughly 9 steps)
[4d4b6d66db63ceed399f1fb1a4b24081d2590eb1] mm,unmap: avoid flushing TLB in batch if PTE is inaccessible
testing commit 4d4b6d66db63ceed399f1fb1a4b24081d2590eb1 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2df5ea35844b867ce87ba428a15f9459c03a2d9fbc6a1d8703549dcab7d2b676
all runs: crashed: KASAN: null-ptr-deref Read in filemap_fault
# git bisect bad 4d4b6d66db63ceed399f1fb1a4b24081d2590eb1
Bisecting: 185 revisions left to test after this (roughly 8 steps)
[17c05f18e54158a3eed0c22c85b7a756b63dcc01] mm: prevent do_swap_page from handling page faults under VMA lock
testing commit 17c05f18e54158a3eed0c22c85b7a756b63dcc01 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 6767cb85cd30ea562176cf5be5cfa898621b86a014b7aca927b02383f6f71ba0
all runs: crashed: KASAN: null-ptr-deref Read in filemap_fault
# git bisect bad 17c05f18e54158a3eed0c22c85b7a756b63dcc01
Bisecting: 92 revisions left to test after this (roughly 7 steps)
[66dabbb65d673aef40dd17bf62c042be8f6d4a4b] mm: return an ERR_PTR from __filemap_get_folio
testing commit 66dabbb65d673aef40dd17bf62c042be8f6d4a4b gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2401b3c5954ff58b2c8e212e047c5de3444c71c1a6e643e6d0346f042ea4c464
all runs: crashed: KASAN: null-ptr-deref Read in filemap_fault
# git bisect bad 66dabbb65d673aef40dd17bf62c042be8f6d4a4b
Bisecting: 45 revisions left to test after this (roughly 6 steps)
[17c56de6a8c9970f56375c13f8654bbcbc94c090] mm, memcg: Prevent memory.oom_control load/store tearing
testing commit 17c56de6a8c9970f56375c13f8654bbcbc94c090 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 07f7eaf4b81ab1702c55b28953e080ffab96cdb002b03e287ad6b16592c78851
all runs: OK
# git bisect good 17c56de6a8c9970f56375c13f8654bbcbc94c090
Bisecting: 22 revisions left to test after this (roughly 5 steps)
[b3cabea3c9153fd42fe5cb851ac58b51ea2b32b8] mm: vmscan: hold write lock to reparent shrinker nr_deferred
testing commit b3cabea3c9153fd42fe5cb851ac58b51ea2b32b8 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: eec4861127acfa7de070481ca192e0a6eb1fbe18b467dea180f2912d3a91b56b
all runs: OK
# git bisect good b3cabea3c9153fd42fe5cb851ac58b51ea2b32b8
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[36d1a28921a4012288e17ef5ac98329ce440d410] dmapool: rearrange page alloc failure handling
testing commit 36d1a28921a4012288e17ef5ac98329ce440d410 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: eaf3e580df094cf5a45220e457ea18668266c655d90ed4d8f0a1fd8cc1f1a2c7
all runs: OK
# git bisect good 36d1a28921a4012288e17ef5ac98329ce440d410
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[1fb130b226a6385362899381e0025ba413cb27e6] mm: don't look at xarray value entries in split_huge_pages_in_file
testing commit 1fb130b226a6385362899381e0025ba413cb27e6 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2f6caccea66d976d07ffc2a54c370a9590ffb70350da2158115b0d8b7713c4a1
all runs: OK
# git bisect good 1fb130b226a6385362899381e0025ba413cb27e6
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[81914aff84e83561ab556dab380e7bbe9c2102b1] shmem: shmem_get_partial_folio use filemap_get_entry
testing commit 81914aff84e83561ab556dab380e7bbe9c2102b1 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 37d9455dcd84fee4bb7b78d7ddf03395005ef7d726f7f45b1293d7d71dab91c9
all runs: OK
# git bisect good 81914aff84e83561ab556dab380e7bbe9c2102b1
Bisecting: 0 revisions left to test after this (roughly 1 step)
[48c9d11375fc66f1e59d0e9b27d121e015a50904] mm: remove FGP_ENTRY
testing commit 48c9d11375fc66f1e59d0e9b27d121e015a50904 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d1a3ec459ea0914877599f3acf592cccea027a6d6c0e027a4d6db89f4bf7c253
all runs: OK
# git bisect good 48c9d11375fc66f1e59d0e9b27d121e015a50904
66dabbb65d673aef40dd17bf62c042be8f6d4a4b is the first bad commit
commit 66dabbb65d673aef40dd17bf62c042be8f6d4a4b
Author: Christoph Hellwig
Date:   Tue Mar 7 15:34:10 2023 +0100

    mm: return an ERR_PTR from __filemap_get_folio

    Instead of returning NULL for all errors, distinguish between:

     - no entry found and not asked to allocated (-ENOENT)
     - failed to allocate memory (-ENOMEM)
     - would block (-EAGAIN)

    so that callers don't have to guess the error based on the passed in flags.

    Also pass through the error through the direct callers: filemap_get_folio,
    filemap_lock_folio filemap_grab_folio and filemap_get_incore_folio.

    [hch@lst.de: fix null-pointer deref]
    Link: https://lkml.kernel.org/r/20230310070023.GA13563@lst.de
    Link: https://lkml.kernel.org/r/20230310043137.GA1624890@u2004
    Link: https://lkml.kernel.org/r/20230307143410.28031-8-hch@lst.de
    Signed-off-by: Christoph Hellwig
    Acked-by: Ryusuke Konishi [nilfs2]
    Cc: Andreas Gruenbacher
    Cc: Hugh Dickins
    Cc: Matthew Wilcox (Oracle)
    Cc: Naoya Horiguchi
    Signed-off-by: Andrew Morton

 fs/afs/dir.c             | 10 +++++-----
 fs/afs/dir_edit.c        |  2 +-
 fs/afs/write.c           |  4 ++--
 fs/ext4/inode.c          |  2 +-
 fs/ext4/move_extent.c    |  8 ++++----
 fs/hugetlbfs/inode.c     |  2 +-
 fs/iomap/buffered-io.c   | 11 ++---------
 fs/netfs/buffered_read.c |  4 ++--
 fs/nfs/file.c            |  4 ++--
 fs/nilfs2/page.c         |  6 +++---
 include/linux/pagemap.h  | 11 ++++++-----
 mm/filemap.c             | 14 ++++++++------
 mm/folio-compat.c        |  2 +-
 mm/huge_memory.c         |  2 +-
 mm/hugetlb.c             |  6 ++++--
 mm/memcontrol.c          |  2 +-
 mm/mincore.c             |  2 +-
 mm/shmem.c               |  4 ++--
 mm/swap_state.c          | 17 ++++++++++-------
 mm/swapfile.c            |  4 ++--
 mm/truncate.c            | 15 ++++++++-------
 21 files changed, 67 insertions(+), 65 deletions(-)

culprit signature: 2401b3c5954ff58b2c8e212e047c5de3444c71c1a6e643e6d0346f042ea4c464
parent signature: d1a3ec459ea0914877599f3acf592cccea027a6d6c0e027a4d6db89f4bf7c253
revisions tested: 15, total time: 7h57m41.494112961s (build: 6h5m59.108556457s, test: 1h48m10.122506213s)
first bad commit: 66dabbb65d673aef40dd17bf62c042be8f6d4a4b mm: return an ERR_PTR from __filemap_get_folio
recipients (to): ["akpm@linux-foundation.org" "hch@lst.de"]
recipients (cc): []
crash: KASAN: null-ptr-deref Read in filemap_fault
RDX: 000000000208e24b RSI: 0000000020000000 RDI: 0000000000000005
RBP: 00007fa362fe01d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007fff0221995f R14: 00007fa362fe0300 R15: 0000000000022000
==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read include/linux/instrumented.h:72 [inline]
BUG: KASAN: null-ptr-deref in atomic_read include/linux/atomic/atomic-instrumented.h:27 [inline]
BUG: KASAN: null-ptr-deref in page_ref_count include/linux/page_ref.h:67 [inline]
BUG: KASAN: null-ptr-deref in put_page_testzero include/linux/mm.h:875 [inline]
BUG: KASAN: null-ptr-deref in folio_put_testzero include/linux/mm.h:881 [inline]
BUG: KASAN: null-ptr-deref in folio_put include/linux/mm.h:1308 [inline]
BUG: KASAN: null-ptr-deref in filemap_fault+0xde1/0x12f0 mm/filemap.c:3382
Read of size 4 at addr 0000000000000028 by task syz-executor.0/5421

CPU: 1 PID: 5421 Comm: syz-executor.0 Not tainted 6.3.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x167/0x220 lib/dump_stack.c:106
 print_report+0xe6/0x540 mm/kasan/report.c:433
 kasan_report+0x176/0x1b0 mm/kasan/report.c:536
 kasan_check_range+0x283/0x290 mm/kasan/generic.c:187
 instrument_atomic_read include/linux/instrumented.h:72 [inline]
 atomic_read include/linux/atomic/atomic-instrumented.h:27 [inline]
 page_ref_count include/linux/page_ref.h:67 [inline]
 put_page_testzero include/linux/mm.h:875 [inline]
 folio_put_testzero include/linux/mm.h:881 [inline]
 folio_put include/linux/mm.h:1308 [inline]
 filemap_fault+0xde1/0x12f0 mm/filemap.c:3382
 __do_fault+0x10f/0x380 mm/memory.c:4142
 do_read_fault mm/memory.c:4493 [inline]
 do_fault mm/memory.c:4622 [inline]
 handle_pte_fault mm/memory.c:4910 [inline]
 __handle_mm_fault mm/memory.c:5053 [inline]
 handle_mm_fault+0x1385/0x3f70 mm/memory.c:5199
 do_user_addr_fault arch/x86/mm/fault.c:1407 [inline]
 handle_page_fault arch/x86/mm/fault.c:1498 [inline]
 exc_page_fault+0x5b1/0x7c0 arch/x86/mm/fault.c:1554
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
RIP: 0010:fault_in_readable+0x142/0x310 mm/gup.c:1863
Code: 00 f0 ff ff eb 0a 4d 8d a0 ff 0f 00 00 4d 89 c6 49 01 f4 49 81 e4 00 f0 ff ff 4d 39 c4 72 6e 4d 39 e6 74 71 4c 89 f3 49 89 de <44> 8a 2b 41 0f b6 04 17 84 c0 75 16 4d 89 e6 44 88 6c 24 40 48 81
RSP: 0018:ffffc90004a579c0 EFLAGS: 00050287
RAX: 0000000000000000 RBX: 0000000020000000 RCX: 0000000004a57a00
RDX: dffffc0000000000 RSI: 0000000000001000 RDI: 1ffff9200094af3c
RBP: ffffc90004a57a78 R08: 0000000020000000 R09: ffffc90004a57a00
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000020001000
R13: dffffc0000000000 R14: 0000000020000000 R15: 1ffff9200094af40
 fault_in_iov_iter_readable+0xc5/0x220 lib/iov_iter.c:350
 generic_perform_write+0x227/0x540 mm/filemap.c:3913
 __generic_file_write_iter+0x143/0x340 mm/filemap.c:4051
 udf_file_write_iter+0x253/0x530 fs/udf/file.c:115
 call_write_iter include/linux/fs.h:1851 [inline]
 new_sync_write fs/read_write.c:491 [inline]
 vfs_write+0x7ef/0xac0 fs/read_write.c:584
 ksys_write+0x163/0x250 fs/read_write.c:637
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fa36228c169
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa362fe0168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fa3623abf80 RCX: 00007fa36228c169
RDX: 000000000208e24b RSI: 0000000020000000 RDI: 0000000000000005
RBP: 00007fa362fe01d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007fff0221995f R14: 00007fa362fe0300 R15: 0000000000022000
==================================================================
----------------
Code disassembly (best guess), 4 bytes skipped:
   0:	eb 0a                	jmp    0xc
   2:	4d 8d a0 ff 0f 00 00 	lea    0xfff(%r8),%r12
   9:	4d 89 c6             	mov    %r8,%r14
   c:	49 01 f4             	add    %rsi,%r12
   f:	49 81 e4 00 f0 ff ff 	and    $0xfffffffffffff000,%r12
  16:	4d 39 c4             	cmp    %r8,%r12
  19:	72 6e                	jb     0x89
  1b:	4d 39 e6             	cmp    %r12,%r14
  1e:	74 71                	je     0x91
  20:	4c 89 f3             	mov    %r14,%rbx
  23:	49 89 de             	mov    %rbx,%r14
* 26:	44 8a 2b             	mov    (%rbx),%r13b <-- trapping instruction
  29:	41 0f b6 04 17       	movzbl (%r15,%rdx,1),%eax
  2e:	84 c0                	test   %al,%al
  30:	75 16                	jne    0x48
  32:	4d 89 e6             	mov    %r12,%r14
  35:	44 88 6c 24 40       	mov    %r13b,0x40(%rsp)
  3a:	48                   	rex.W
  3b:	81                   	.byte 0x81