ci starts bisection 2025-07-01 21:05:59.700110057 +0000 UTC m=+14122.002549845
bisecting cause commit starting from 1343433ed38923a21425c602e92120a1f1db5f7a
building syzkaller on fc9d8ee542c85682943812ee52a252cbc934118d
fetch other tags and check if the commit is present
ensuring issue is reproducible on original commit 1343433ed38923a21425c602e92120a1f1db5f7a

testing commit 1343433ed38923a21425c602e92120a1f1db5f7a gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: 0ab8dd067d8b2b0ea2e6849ca63eb8c002c5596b2fda01519e2c5432248b0f13
all runs: crashed: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
representative crash: BUG: sleeping function called from invalid context in procfs_procmap_ioctl, types: [ATOMIC_SLEEP]
check whether we can drop unnecessary instrumentation
disabling configs for [BUG KASAN LOCKDEP HANG LEAK UBSAN], they are not needed

testing commit 1343433ed38923a21425c602e92120a1f1db5f7a gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: 28776badb22bea318568b87acea7bf0f80cc249010d0cea93290bf754c5b61df
run #0: crashed: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
run #1: crashed: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
run #2: crashed: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
run #3: crashed: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
run #4: crashed: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
run #5: crashed: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
run #6: crashed: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
run #7: crashed: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
run #8: crashed: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
run #9: boot failed: can't ssh into the instance
representative crash: BUG: sleeping function called from invalid context in procfs_procmap_ioctl, types: [ATOMIC_SLEEP]
the bug reproduces without the instrumentation
disabling configs for [LOCKDEP HANG LEAK UBSAN BUG KASAN], they are not needed

kconfig minimization: base=4095 full=8382 leaves diff=2123
split chunks (needed=false): <2123>
split chunk #0 of len 2123 into 5 parts

testing without sub-chunk 1/5
disabling configs for [LOCKDEP HANG LEAK UBSAN BUG KASAN], they are not needed
testing commit 1343433ed38923a21425c602e92120a1f1db5f7a gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: 86330b7bc6f935e73ee894bc8701d74131a548b797fd75369b822c4b2da2f902
all runs: crashed: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
representative crash: BUG: sleeping function called from invalid context in procfs_procmap_ioctl, types: [ATOMIC_SLEEP]
the chunk can be dropped

testing without sub-chunk 2/5
disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP HANG], they are not needed
testing commit 1343433ed38923a21425c602e92120a1f1db5f7a gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: 82784f7dece1ffc6e327fc2b62cee56491bdbf55543098579efa637bff12c15b
run #0: crashed: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
run #1: crashed: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
run #2: crashed: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
run #3: crashed: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
run #4: crashed: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
run #5: crashed: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
run #6: crashed: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
run #7: crashed: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
run #8: boot failed: can't ssh into the instance
run #9: boot failed: can't ssh into the instance
representative crash: BUG: sleeping function called from invalid context in procfs_procmap_ioctl, types: [ATOMIC_SLEEP]
the chunk can be dropped

testing without sub-chunk 3/5
disabling configs for [KASAN LOCKDEP HANG LEAK UBSAN BUG], they are not needed
testing commit 1343433ed38923a21425c602e92120a1f1db5f7a gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: 068582f8d1e384ddaace952c4385ce548c3c7f39b02d0ce6f566f391251fb78f
run #0: crashed: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
run #1: crashed: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
run #2: crashed: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
run #3: crashed: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
run #4: crashed: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
run #5: crashed: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
run #6: crashed: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
run #7: crashed: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
run #8: crashed: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
run #9: boot failed: can't ssh into the instance
representative crash: BUG: sleeping function called from invalid context in procfs_procmap_ioctl, types: [ATOMIC_SLEEP]
the chunk can be dropped

testing without sub-chunk 4/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
testing commit 1343433ed38923a21425c602e92120a1f1db5f7a gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: 3523434ddf0add39958b91fa9906231c2fa98e2d42b435430b0d92d60c82da00
all runs: crashed: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
representative crash: BUG: sleeping function called from invalid context in procfs_procmap_ioctl, types: [ATOMIC_SLEEP]
the chunk can be dropped

testing without sub-chunk 5/5
disabling configs for [KASAN LOCKDEP HANG LEAK UBSAN BUG], they are not needed
testing commit 1343433ed38923a21425c602e92120a1f1db5f7a gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: 0c7f6ea5969b6e79c208282b9ea2bb9ccc37ceb8838619c40f489cfde2b38004
all runs: crashed: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
representative crash: BUG: sleeping function called from invalid context in procfs_procmap_ioctl, types: [ATOMIC_SLEEP]
the chunk can be dropped
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed

picked [v6.15 v6.14 v6.13 v6.11 v6.9 v6.7 v6.5 v6.3 v6.0 v5.17 v5.14 v5.11 v5.8 v5.5 v5.2 v4.20 v4.19] out of 38 release tags

testing release v6.15
testing commit 0ff41df1cb268fc69e703a08a57ee14ae967d0ca gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: df413f13897496af2142c38c1157c3442b4c11c8052ad84ed920325a80abeb8a
all runs: OK
false negative chance: 0.000
# git bisect start 1343433ed38923a21425c602e92120a1f1db5f7a 0ff41df1cb268fc69e703a08a57ee14ae967d0ca
Bisecting: 10397 revisions left to test after this (roughly 13 steps)
[ec71f661a572a770d7c861cd52a50cbbb0e1a8d1] Merge tag 'soc-dt-6.16' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

testing commit ec71f661a572a770d7c861cd52a50cbbb0e1a8d1 gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: 17cb821c1258945f918e597cb5a47694caf74a77a66dffa0658807957122b2a0
all runs: OK
false negative chance: 0.000
# git bisect good ec71f661a572a770d7c861cd52a50cbbb0e1a8d1
Bisecting: 5218 revisions left to test after this (roughly 12 steps)
[5a39eca422aa2dfda873b4fd7426176028e3c725] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/qcom/linux.git

testing commit 5a39eca422aa2dfda873b4fd7426176028e3c725 gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: 5029232035f116fbfce6ad20d708dc89015f248d60923e778ff790be6dde18a4
all runs: crashed: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
representative crash: BUG: sleeping function called from invalid context in procfs_procmap_ioctl, types: [ATOMIC_SLEEP]
# git bisect bad 5a39eca422aa2dfda873b4fd7426176028e3c725
Bisecting: 2775 revisions left to test after this (roughly 11 steps)
[a100922a3855eb35ecd465f1d558546b1e144445] Merge tag 'staging-6.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging

testing commit a100922a3855eb35ecd465f1d558546b1e144445 gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: b17309d6988d65acf84b28ecfcbf4e2a693a11ccf326bf7b6955533449893388
all runs: OK
false negative chance: 0.000
# git bisect good a100922a3855eb35ecd465f1d558546b1e144445
Bisecting: 1355 revisions left to test after this (roughly 11 steps)
[5c8013ae2e86ec36b07500ba4cacb14ab4d6f728] Merge tag 'net-6.16-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

testing commit 5c8013ae2e86ec36b07500ba4cacb14ab4d6f728 gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: 32be059ea169b48aad8976538646173359375c5a709faa41f9f0b8cd5bd32e0a
all runs: OK
false negative chance: 0.000
# git bisect good 5c8013ae2e86ec36b07500ba4cacb14ab4d6f728
Bisecting: 677 revisions left to test after this (roughly 9 steps)
[2e8dc576de7a95d5cccaf6db2c06fd502f0bbc0d] Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine.git

testing commit 2e8dc576de7a95d5cccaf6db2c06fd502f0bbc0d gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: 3f6adfdda0cf9d6522e2842d73a504421da5570f9b136bcf6b00443daa4a3935
all runs: OK
false negative chance: 0.000
# git bisect good 2e8dc576de7a95d5cccaf6db2c06fd502f0bbc0d
Bisecting: 365 revisions left to test after this (roughly 8 steps)
[8adc7c1e8478d50e4653b8cd1d39e6220b289a88] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild.git

testing commit 8adc7c1e8478d50e4653b8cd1d39e6220b289a88 gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: 27d008bff851f1053a832daf3037981c33c495ea95fe7540a3c806468ed7a00f
all runs: crashed: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
representative crash: BUG: sleeping function called from invalid context in procfs_procmap_ioctl, types: [ATOMIC_SLEEP]
# git bisect bad 8adc7c1e8478d50e4653b8cd1d39e6220b289a88
Bisecting: 155 revisions left to test after this (roughly 7 steps)
[a729193532a07fa4a01ef2a23f219da56a9aefdf] mm-memcg-make-memoryreclaim-interface-generic-fix

testing commit a729193532a07fa4a01ef2a23f219da56a9aefdf gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: 01b03ba747c7e336b7b0ab9541c02bd5e350537c676aa38b2e213a66fefe02b6
all runs: OK
false negative chance: 0.000
# git bisect good a729193532a07fa4a01ef2a23f219da56a9aefdf
Bisecting: 85 revisions left to test after this (roughly 6 steps)
[ed8d305e15f6af68e7324b6e7c92299da72a048d] Merge branch 'for-linux-next-fixes' of https://gitlab.freedesktop.org/drm/misc/kernel.git

testing commit ed8d305e15f6af68e7324b6e7c92299da72a048d gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: b6a2012d112a140c69c00cb204fd37f34270954d40279af1dfd9350d4af77fe3
all runs: OK
false negative chance: 0.000
# git bisect good ed8d305e15f6af68e7324b6e7c92299da72a048d
Bisecting: 42 revisions left to test after this (roughly 6 steps)
[128450833a0656f3ffaf4738936d217f58670f36] fs/proc/vmcore: a few cleanups for vmcore_add_device_dump()

testing commit 128450833a0656f3ffaf4738936d217f58670f36 gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: 2f371fbe8c623c37b86aa478ecd4fb5c4c7343372f1a729235ac2c5606721202
all runs: OK
false negative chance: 0.000
# git bisect good 128450833a0656f3ffaf4738936d217f58670f36
Bisecting: 21 revisions left to test after this (roughly 5 steps)
[8b877c5aaaaf9b5170928d0e033ea9b0c538fc94] mm/maps: execute PROCMAP_QUERY ioctl under per-vma locks

testing commit 8b877c5aaaaf9b5170928d0e033ea9b0c538fc94 gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: 1c3a86cda1e891d2038fbcafb0cce290f29a187b923780ea6da3c811629e29c8
all runs: crashed: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
representative crash: BUG: sleeping function called from invalid context in procfs_procmap_ioctl, types: [ATOMIC_SLEEP]
# git bisect bad 8b877c5aaaaf9b5170928d0e033ea9b0c538fc94
Bisecting: 10 revisions left to test after this (roughly 3 steps)
[f12893b2aa9170209b68466eb51360f084bb27a8] mm/madvise: thread VMA range state through madvise_behavior

testing commit f12893b2aa9170209b68466eb51360f084bb27a8 gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: bd72ea7dd26107e93a432fa4bac10b01690af7f9f836c7928e7fbcb49ffc7ec9
all runs: OK
false negative chance: 0.000
# git bisect good f12893b2aa9170209b68466eb51360f084bb27a8
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[5b5afaec4518105536a62f15ea1cbe991037533c] selftests/proc: extend /proc/pid/maps tearing test to include vma resizing

testing commit 5b5afaec4518105536a62f15ea1cbe991037533c gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: da33bbd1401b74b2860971931d67bee885abf0da94a1426963df48a956a66877
all runs: OK
false negative chance: 0.000
# git bisect good 5b5afaec4518105536a62f15ea1cbe991037533c
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[3ea9634c32967befff1e88a6441e6896b3c53d06] selftests/proc: add verbose more for tests to facilitate debugging

testing commit 3ea9634c32967befff1e88a6441e6896b3c53d06 gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: da440d68134cdca17230e58dbce1c0a591e0021feabcfd2ec6f4f10bdb694474
all runs: OK
false negative chance: 0.000
# git bisect good 3ea9634c32967befff1e88a6441e6896b3c53d06
Bisecting: 0 revisions left to test after this (roughly 1 step)
[d87e3ddbccebbcf061794347422005777602c282] mm/madvise: fixup stray mmap lock assert in anon_vma_name()

testing commit d87e3ddbccebbcf061794347422005777602c282 gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: 83c0e3cc12954e1e2e3e81ddd5febc466811e5e04c0288081f12d24721e4b48d
all runs: OK
false negative chance: 0.000
# git bisect good d87e3ddbccebbcf061794347422005777602c282
8b877c5aaaaf9b5170928d0e033ea9b0c538fc94 is the first bad commit
commit 8b877c5aaaaf9b5170928d0e033ea9b0c538fc94
Author: Suren Baghdasaryan
Date:   Tue Jun 24 12:33:59 2025 -0700

    mm/maps: execute PROCMAP_QUERY ioctl under per-vma locks

    Utilize per-vma locks to stabilize vma after lookup without taking mmap_lock during PROCMAP_QUERY ioctl execution. While we might take mmap_lock for reading during contention, we do that momentarily only to lock the vma. This change is designed to reduce mmap_lock contention and prevent PROCMAP_QUERY ioctl calls from blocking address space updates.

    Link: https://lkml.kernel.org/r/20250624193359.3865351-8-surenb@google.com
    Signed-off-by: Suren Baghdasaryan
    Acked-by: Andrii Nakryiko
    Cc: Alexey Dobriyan
    Cc: Christian Brauner
    Cc: Christophe Leroy
    Cc: David Hildenbrand
    Cc: Jann Horn
    Cc: Johannes Weiner
    Cc: Josef Bacik
    Cc: Kalesh Singh
    Cc: Liam Howlett
    Cc: Lorenzo Stoakes
    Cc: Matthew Wilcox (Oracle)
    Cc: Michal Hocko
    Cc: Oscar Salvador
    Cc: "Paul E . McKenney"
    Cc: Peter Xu
    Cc: Ryan Roberts
    Cc: Shuah Khan
    Cc: Thomas Weißschuh
    Cc: T.J. Mercier
    Cc: Vlastimil Babka
    Cc: Ye Bin
    Signed-off-by: Andrew Morton

 fs/proc/task_mmu.c | 56 ++++++++++++++++++++++++++++++++++++++++++------------
 1 file changed, 44 insertions(+), 12 deletions(-)

accumulated error probability: 0.00
culprit signature: 1c3a86cda1e891d2038fbcafb0cce290f29a187b923780ea6da3c811629e29c8
parent signature: 83c0e3cc12954e1e2e3e81ddd5febc466811e5e04c0288081f12d24721e4b48d
revisions tested: 22, total time: 7h16m20.594712054s (build: 4h7m3.492607005s, test: 2h44m39.088151707s)
first bad commit: 8b877c5aaaaf9b5170928d0e033ea9b0c538fc94 mm/maps: execute PROCMAP_QUERY ioctl under per-vma locks
recipients (to): ["akpm@linux-foundation.org" "andrii@kernel.org" "surenb@google.com"]
recipients (cc): []

crash: BUG: sleeping function called from invalid context in procfs_procmap_ioctl
BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:321
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 2905, name: syz.3.16
preempt_count: 0, expected: 0
RCU nest depth: 1, expected: 0
2 locks held by syz.3.16/2905:
 #0: ffffffff8277a930 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8277a930 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #0: ffffffff8277a930 (rcu_read_lock){....}-{1:2}, at: query_vma_setup+0x10/0x50 fs/proc/task_mmu.c:499
 #1: ffff888109746088 (vm_lock){....}-{0:0}, at: get_next_vma+0xa6/0xe0 fs/proc/task_mmu.c:182
CPU: 0 UID: 0 PID: 2905 Comm: syz.3.16 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(undef)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 dump_stack_lvl+0xa2/0xf0 lib/dump_stack.c:120
 __might_resched+0x1bc/0x1e0 kernel/sched/core.c:8800
 might_alloc include/linux/sched/mm.h:321 [inline]
 slab_pre_alloc_hook mm/slub.c:4100 [inline]
 slab_alloc_node mm/slub.c:4178 [inline]
 __do_kmalloc_node mm/slub.c:4328 [inline]
 __kmalloc_noprof+0xb5/0x4d0 mm/slub.c:4341
 kmalloc_noprof include/linux/slab.h:909 [inline]
 do_procmap_query fs/proc/task_mmu.c:690 [inline]
 procfs_procmap_ioctl+0x460/0x6a0 fs/proc/task_mmu.c:748
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl+0x69/0xc0 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x8f/0x250 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb15469e929
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb15410f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fb1548c5fa0 RCX: 00007fb15469e929
RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000003
RBP: 00007fb154720b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fb1548c5fa0 R15: 00007ffd77e53388