bisecting cause commit starting from 6cab33afc3dd17bd9922c99a828f5680b4667cd9
building syzkaller on 45c0c1b10e35e15cb801070d046648a15198232c
testing commit 6cab33afc3dd17bd9922c99a828f5680b4667cd9 with gcc (GCC) 8.1.0
all runs: crashed: KASAN: null-ptr-deref Read in reclaim_high
testing release v4.20
testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0
all runs: OK
# git bisect start 6cab33afc3dd17bd9922c99a828f5680b4667cd9 v4.20
Bisecting: 6600 revisions left to test after this (roughly 13 steps)
[0e9da3fbf7d81f0f913b491c8de1ba7883d4f217] Merge tag 'for-4.21/block-20181221' of git://git.kernel.dk/linux-block
testing commit 0e9da3fbf7d81f0f913b491c8de1ba7883d4f217 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 0e9da3fbf7d81f0f913b491c8de1ba7883d4f217
Bisecting: 3245 revisions left to test after this (roughly 12 steps)
[b7badd1d7aa61087010803affa19bb83fb5a0af1] Merge tag 'armsoc-dt' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
testing commit b7badd1d7aa61087010803affa19bb83fb5a0af1 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good b7badd1d7aa61087010803affa19bb83fb5a0af1
Bisecting: 1623 revisions left to test after this (roughly 11 steps)
[460cc2d20183566ab96efd2d8ea5a5671f16a9b1] Merge remote-tracking branch 'leaks/leaks-next'
testing commit 460cc2d20183566ab96efd2d8ea5a5671f16a9b1 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 460cc2d20183566ab96efd2d8ea5a5671f16a9b1
Bisecting: 769 revisions left to test after this (roughly 10 steps)
[6ff00e77305e2e1102e198d55f21d1b61334b553] Merge remote-tracking branch 'drm-intel/for-linux-next'
testing commit 6ff00e77305e2e1102e198d55f21d1b61334b553 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 6ff00e77305e2e1102e198d55f21d1b61334b553
Bisecting: 386 revisions left to test after this (roughly 9 steps)
[c22088a4259dd2251ad3eedc3b445b2a4c8f2f6c] Merge remote-tracking branch 'percpu/for-next'
testing commit c22088a4259dd2251ad3eedc3b445b2a4c8f2f6c with gcc (GCC) 8.1.0
all runs: OK
# git bisect good c22088a4259dd2251ad3eedc3b445b2a4c8f2f6c
Bisecting: 193 revisions left to test after this (roughly 8 steps)
[784b17c740e304cf7333e945bae2a39881831036] Merge remote-tracking branch 'coresight/next'
testing commit 784b17c740e304cf7333e945bae2a39881831036 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 784b17c740e304cf7333e945bae2a39881831036
Bisecting: 96 revisions left to test after this (roughly 7 steps)
[e49371e8516d6285dec3e2fd922f1c1d8a8e5a7a] mm, compaction: round-robin the order while searching the free lists for a target
testing commit e49371e8516d6285dec3e2fd922f1c1d8a8e5a7a with gcc (GCC) 8.1.0
all runs: OK
# git bisect good e49371e8516d6285dec3e2fd922f1c1d8a8e5a7a
Bisecting: 48 revisions left to test after this (roughly 6 steps)
[586144b96c9ca16a18779cec20e7da30bab252f4] epoll: use rwlock in order to reduce ep_poll_callback() contention
testing commit 586144b96c9ca16a18779cec20e7da30bab252f4 with gcc (GCC) 8.1.0
all runs: crashed: KASAN: null-ptr-deref Read in reclaim_high
# git bisect bad 586144b96c9ca16a18779cec20e7da30bab252f4
Bisecting: 23 revisions left to test after this (roughly 5 steps)
[a27d0554da444cd23c2a54a566be2493f1d33ed7] mm-mmu_notifier-contextual-information-for-event-triggering-invalidation-v2-fix-fix
testing commit a27d0554da444cd23c2a54a566be2493f1d33ed7 with gcc (GCC) 8.1.0
all runs: crashed: KASAN: null-ptr-deref Read in reclaim_high
# git bisect bad a27d0554da444cd23c2a54a566be2493f1d33ed7
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[ba2e1197bf8805d0a74c124741a17714a98b833b] mm, oom: mark all killed tasks as oom victims
testing commit ba2e1197bf8805d0a74c124741a17714a98b833b with gcc (GCC) 8.1.0
all runs: crashed: KASAN: null-ptr-deref Read in reclaim_high
# git bisect bad ba2e1197bf8805d0a74c124741a17714a98b833b
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[32def77f96dfa22b08298c5809f2e81ed17d0a53] mm: create the new vm_fault_t type
testing commit 32def77f96dfa22b08298c5809f2e81ed17d0a53 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 32def77f96dfa22b08298c5809f2e81ed17d0a53
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[2b453050f98a2099d87421940e6abbc4fdd8539a] mm/memcontrol.c: use struct_size() in kmalloc()
testing commit 2b453050f98a2099d87421940e6abbc4fdd8539a with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 2b453050f98a2099d87421940e6abbc4fdd8539a
Bisecting: 0 revisions left to test after this (roughly 1 step)
[29a4b8e275d1f10c51c7891362877ef6cffae9e7] memcg: schedule high reclaim for remote memcgs on high_work
testing commit 29a4b8e275d1f10c51c7891362877ef6cffae9e7 with gcc (GCC) 8.1.0
all runs: crashed: KASAN: null-ptr-deref Read in reclaim_high
# git bisect bad 29a4b8e275d1f10c51c7891362877ef6cffae9e7
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[a63f4fb6f52e30016127dbea0f0844f461530274] mm/filemap.c: remove redundant test from find_get_pages_contig
testing commit a63f4fb6f52e30016127dbea0f0844f461530274 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good a63f4fb6f52e30016127dbea0f0844f461530274
29a4b8e275d1f10c51c7891362877ef6cffae9e7 is the first bad commit
commit 29a4b8e275d1f10c51c7891362877ef6cffae9e7
Author: Shakeel Butt
Date: Thu Jan 10 09:02:21 2019 +1100

    memcg: schedule high reclaim for remote memcgs on high_work

    If a memcg is over high limit, memory reclaim is scheduled to run on
    return-to-userland. However it is assumed that the memcg is the current
    process's memcg. With remote memcg charging for kmem or swapping in a
    page charged to remote memcg, current process can trigger reclaim on
    remote memcg. So, scheduling reclaim on return-to-userland for remote
    memcgs will ignore the high reclaim altogether. So, record the memcg
    needing high reclaim and trigger high reclaim for that memcg on
    return-to-userland. However if the memcg is already recorded for high
    reclaim and the recorded memcg is not the descendant of the memcg
    needing high reclaim, punt the high reclaim to the work queue.

    Link: http://lkml.kernel.org/r/20190108200538.80371-1-shakeelb@google.com
    Signed-off-by: Shakeel Butt
    Cc: Johannes Weiner
    Cc: Vladimir Davydov
    Cc: Michal Hocko
    Signed-off-by: Andrew Morton
    Signed-off-by: Stephen Rothwell

:040000 040000 4a181057e5f43b1e126be189556142ea73772e3f 86070890ef7eb7f2a8a569110ba2324c510f1be8 M include
:040000 040000 11dcb92d686abfbcf1af072d9edd23d2d7e7b711 f2db54490d81e94f773b0d6ab8a36f848cb1a22e M kernel
:040000 040000 1465463fc127792861a12433f8c28c5ce28c3bbc 4685152d5820b3a9b3037cb989ba5efe4748226d M mm
revisions tested: 16, total time: 3h38m53.850433423s (build: 1h37m46.110725104s, test: 1h57m20.261697009s)
first bad commit: 29a4b8e275d1f10c51c7891362877ef6cffae9e7 memcg: schedule high reclaim for remote memcgs on high_work
cc: ["akpm@linux-foundation.org" "hannes@cmpxchg.org" "mhocko@suse.com" "sfr@canb.auug.org.au" "shakeelb@google.com" "vdavydov.dev@gmail.com"]
crash: KASAN: null-ptr-deref Read in reclaim_high
IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
==================================================================
IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
BUG: KASAN: null-ptr-deref in atomic64_read include/asm-generic/atomic-instrumented.h:27 [inline]
BUG: KASAN: null-ptr-deref in atomic_long_read include/asm-generic/atomic-long.h:47 [inline]
BUG: KASAN: null-ptr-deref in page_counter_read include/linux/page_counter.h:47 [inline]
BUG: KASAN: null-ptr-deref in reclaim_high.constprop.69+0xa6/0x1e0 mm/memcontrol.c:2137
Read of size 8 at addr 0000000000000138 by task syz-executor1/7115
IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
CPU: 1 PID: 7115 Comm: syz-executor1 Not tainted 5.0.0-rc1+ #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1d3/0x2c6 lib/dump_stack.c:113
IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
 kasan_report.cold.6+0x5/0x39 mm/kasan/report.c:321
IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
 check_memory_region_inline mm/kasan/generic.c:185 [inline]
 check_memory_region+0x13e/0x1b0 mm/kasan/generic.c:191
 kasan_check_read+0x11/0x20 mm/kasan/common.c:100
IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
 atomic64_read include/asm-generic/atomic-instrumented.h:27 [inline]
 atomic_long_read include/asm-generic/atomic-long.h:47 [inline]
 page_counter_read include/linux/page_counter.h:47 [inline]
 reclaim_high.constprop.69+0xa6/0x1e0 mm/memcontrol.c:2137
IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
 mem_cgroup_handle_over_high+0xc1/0x180 mm/memcontrol.c:2166
 tracehook_notify_resume include/linux/tracehook.h:190 [inline]
 exit_to_usermode_loop+0x287/0x380 arch/x86/entry/common.c:166
 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
 syscall_return_slowpath+0x533/0x5e0 arch/x86/entry/common.c:268
IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
 ret_from_fork+0x15/0x50 arch/x86/entry/entry_64.S:344
hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
RIP: 0033:0x458779
IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
Code: ff 48 85 f6 0f 84 77 a3 fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 4e a3 fb ff 74 01 c3 31 ed 58 5f ff d0 48 89 c7 e8
RSP: 002b:00007f023785ddb0 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
RAX: 0000000000000000 RBX: 00007f023785e700 RCX: 0000000000458779
IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
RDX: 00007f023785e9d0 RSI: 00007f023785ddb0 RDI: 00000000003d0f00
RBP: 00007ffec8b6e730 R08: 00007f023785e700 R09: 00007f023785e700
R10: 00007f023785e9d0 R11: 0000000000000202 R12: 0000000000000000
R13: 00007ffec8b6e5af R14: 00007f023785e700 R15: 0000000000000000
==================================================================
8021q: adding VLAN 0 to HW filter on device batadv0