bisecting cause commit starting from bef7b2a7be28638770972ab2709adf11d601c11a
building syzkaller on 5ed396e666c7826bed46f06c4db1409376691fed
testing commit bef7b2a7be28638770972ab2709adf11d601c11a with gcc (GCC) 8.1.0
kernel signature: 689d5b2132af327b26abcf8f44527065413ba5a391d9ff5a5b310a4bd56d5c51
all runs: crashed: general protection fault in kernel_get_mempolicy
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0
kernel signature: 858b6c44aa2739ded0ef0c46ef64f0cab399fba3e338e24e070a740b9a86c1a9
all runs: OK
# git bisect start bef7b2a7be28638770972ab2709adf11d601c11a 7111951b8d4973bda27ff663f2cf18b663d15b48
Bisecting: 3821 revisions left to test after this (roughly 12 steps)
[29d9f30d4ce6c7a38745a54a8cddface10013490] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
testing commit 29d9f30d4ce6c7a38745a54a8cddface10013490 with gcc (GCC) 8.1.0
kernel signature: c77b61551c7e1e75d69e1c1418b581f89dca09c491859ca8dbd983660de549eb
all runs: OK
# git bisect good 29d9f30d4ce6c7a38745a54a8cddface10013490
Bisecting: 1948 revisions left to test after this (roughly 11 steps)
[50a5de895dbe5df947b3a695777db5b2c313e065] Merge tag 'for-linus-hmm' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
testing commit 50a5de895dbe5df947b3a695777db5b2c313e065 with gcc (GCC) 8.1.0
kernel signature: 248db911e65388febc8d3062d2448a240312830470ee9b541a3e0d031bbc84e2
run #0: basic kernel testing failed: timed out
run #1: basic kernel testing failed: timed out
run #2: basic kernel testing failed: timed out
run #3: basic kernel testing failed: timed out
run #4: basic kernel testing failed: timed out
run #5: basic kernel testing failed: timed out
run #6: basic kernel testing failed: timed out
run #7: basic kernel testing failed: timed out
run #8: OK
run #9: OK
# git bisect skip 50a5de895dbe5df947b3a695777db5b2c313e065
Bisecting: 1948 revisions left to test after this (roughly 11 steps)
[181aea8948e1e78f3cf59e1261d481011dfc3b10] scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow
testing commit 181aea8948e1e78f3cf59e1261d481011dfc3b10 with gcc (GCC) 8.1.0
kernel signature: 410fabdbb2bc8bae26dec92d700d03d3390129fce1fb2d4e1f1a83a17dbd37f3
all runs: OK
# git bisect good 181aea8948e1e78f3cf59e1261d481011dfc3b10
Bisecting: 1805 revisions left to test after this (roughly 11 steps)
[397a97946798890b9bdaa6122fcfad7147690670] Merge tag 'linux-kselftest-5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
testing commit 397a97946798890b9bdaa6122fcfad7147690670 with gcc (GCC) 8.1.0
kernel signature: 8700ae2288a9f27b557702ff4bafcb3680f17be77a5e990fc05e8b7cb5249874
all runs: OK
# git bisect good 397a97946798890b9bdaa6122fcfad7147690670
Bisecting: 901 revisions left to test after this (roughly 10 steps)
[c6570114316fbbce4ac5f970578adaf3cbf07ec3] Merge tag 'rproc-v5.7' of git://git.kernel.org/pub/scm/linux/kernel/git/andersson/remoteproc
testing commit c6570114316fbbce4ac5f970578adaf3cbf07ec3 with gcc (GCC) 8.1.0
kernel signature: e6638e7bd565b0ac1cc7fa3561a8ac651fd25ba45dc1d8b193a406601f75ad3a
all runs: crashed: general protection fault in kernel_get_mempolicy
# git bisect bad c6570114316fbbce4ac5f970578adaf3cbf07ec3
Bisecting: 493 revisions left to test after this (roughly 9 steps)
[7be97138e7276c71cc9ad1752dcb502d28f4400d] Merge tag 'xfs-5.7-merge-8' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
testing commit 7be97138e7276c71cc9ad1752dcb502d28f4400d with gcc (GCC) 8.1.0
kernel signature: de47d48281aec0d9f68048e98c6fa640005750914da591a409ec8fe7cced4f3d
run #0: boot failed: can't ssh into the instance
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 7be97138e7276c71cc9ad1752dcb502d28f4400d
Bisecting: 250 revisions left to test after this (roughly 8 steps)
[830948eb68265ac7f3f364aa9801550feafec0d6] Merge tag 'kvm-s390-next-5.7-3' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux into HEAD
testing commit 830948eb68265ac7f3f364aa9801550feafec0d6 with gcc (GCC) 8.1.0
kernel signature: f5738d47bc82611321abb4f7a576dbc217397214e948e1f0ce2f364349f04867
all runs: OK
# git bisect good 830948eb68265ac7f3f364aa9801550feafec0d6
Bisecting: 125 revisions left to test after this (roughly 7 steps)
[4b7930626747079ca3a7c278d36002c6627eeb88] mm/vmscan.c: make may_enter_fs bool in shrink_page_list()
testing commit 4b7930626747079ca3a7c278d36002c6627eeb88 with gcc (GCC) 8.1.0
kernel signature: b76501b86d76e47b87f47ed326c9aee7eeb45ac21fb87226e29a63e416aa42ea
all runs: crashed: general protection fault in kernel_get_mempolicy
# git bisect bad 4b7930626747079ca3a7c278d36002c6627eeb88
Bisecting: 61 revisions left to test after this (roughly 6 steps)
[10eaec2f63b6b4b9e3d2efbdb95789579aa8f64e] mm: kmem: cleanup (__)memcg_kmem_charge_memcg() arguments
testing commit 10eaec2f63b6b4b9e3d2efbdb95789579aa8f64e with gcc (GCC) 8.1.0
kernel signature: d43b93980810803864bbc7fb3d46207fc07745bf03b9e6a7627ea309807959e9
all runs: OK
# git bisect good 10eaec2f63b6b4b9e3d2efbdb95789579aa8f64e
Bisecting: 30 revisions left to test after this (roughly 5 steps)
[8b9a65fd282c1d2e5b8ba8d8afaf652cde27b5e7] mm: return faster for non-fatal signals in user mode faults
testing commit 8b9a65fd282c1d2e5b8ba8d8afaf652cde27b5e7 with gcc (GCC) 8.1.0
kernel signature: dcff26340321365428d01b17f06a79acca552ca4ae1fbd8665bd64f54ca52b62
all runs: OK
# git bisect good 8b9a65fd282c1d2e5b8ba8d8afaf652cde27b5e7
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[3af776f601dc13e1cae1f0f461407533669cf666] mm/sparse.c: use kvmalloc/kvfree to alloc/free memmap for the classic sparse
testing commit 3af776f601dc13e1cae1f0f461407533669cf666 with gcc (GCC) 8.1.0
kernel signature: fd442d411479c2c0f91384a70aa71481393c6e743c0f832edd0b6f6c0580fb3f
all runs: crashed: general protection fault in kernel_get_mempolicy
# git bisect bad 3af776f601dc13e1cae1f0f461407533669cf666
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[86a76331d94c4cfa72fe1831dbe4b492f66fdb81] mm: clarify a confusing comment for remap_pfn_range()
testing commit 86a76331d94c4cfa72fe1831dbe4b492f66fdb81 with gcc (GCC) 8.1.0
kernel signature: 9a7f01a49ffee7b83e8958087cf91a3cf91e3f4eacd02dfd75fefcb654bbe292
all runs: crashed: general protection fault in kernel_get_mempolicy
# git bisect bad 86a76331d94c4cfa72fe1831dbe4b492f66fdb81
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[4064b982706375025628094e51d11cf1a958a5d3] mm: allow VM_FAULT_RETRY for multiple times
testing commit 4064b982706375025628094e51d11cf1a958a5d3 with gcc (GCC) 8.1.0
kernel signature: 399d63f37ef96ef7311d349a593a0ff4b7fb2ede0227796401182394c734f4d1
all runs: OK
# git bisect good 4064b982706375025628094e51d11cf1a958a5d3
Bisecting: 1 revision left to test after this (roughly 1 step)
[71335f37c5e8ec9225285206f7f875057b9737ad] mm/gup: allow to react to fatal signals
testing commit 71335f37c5e8ec9225285206f7f875057b9737ad with gcc (GCC) 8.1.0
kernel signature: 8bf19bccacb13ad5a3f02181d6480f244851c705915bc2691b68d7349a2fc4bd
all runs: crashed: general protection fault in kernel_get_mempolicy
# git bisect bad 71335f37c5e8ec9225285206f7f875057b9737ad
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[4426e945df588f2878affddf88a51259200f7e29] mm/gup: allow VM_FAULT_RETRY for multiple times
testing commit 4426e945df588f2878affddf88a51259200f7e29 with gcc (GCC) 8.1.0
kernel signature: 4ba4a051928bbae2922cb6f14c49015626d60c7de9f1efe452cdfb9340931358
all runs: crashed: general protection fault in kernel_get_mempolicy
# git bisect bad 4426e945df588f2878affddf88a51259200f7e29
4426e945df588f2878affddf88a51259200f7e29 is the first bad commit
commit 4426e945df588f2878affddf88a51259200f7e29
Author: Peter Xu
Date: Wed Apr 1 21:08:49 2020 -0700

    mm/gup: allow VM_FAULT_RETRY for multiple times

    This is the gup counterpart of the change that allows the VM_FAULT_RETRY to happen for more than once. One thing to mention is that we must check the fatal signal here before retry because the GUP can be interrupted by that, otherwise we can loop forever.

    Signed-off-by: Peter Xu
    Signed-off-by: Andrew Morton
    Tested-by: Brian Geffon
    Cc: Andrea Arcangeli
    Cc: Bobby Powers
    Cc: David Hildenbrand
    Cc: Denis Plotnikov
    Cc: "Dr . David Alan Gilbert"
    Cc: Hugh Dickins
    Cc: Jerome Glisse
    Cc: Johannes Weiner
    Cc: "Kirill A . Shutemov"
    Cc: Martin Cracauer
    Cc: Marty McFadden
    Cc: Matthew Wilcox
    Cc: Maya Gokhale
    Cc: Mel Gorman
    Cc: Mike Kravetz
    Cc: Mike Rapoport
    Cc: Pavel Emelyanov
    Link: http://lkml.kernel.org/r/20200220195357.16371-1-peterx@redhat.com
    Signed-off-by: Linus Torvalds

 mm/gup.c | 27 +++++++++++++++++++++------
 mm/hugetlb.c | 6 ++++--
 2 files changed, 25 insertions(+), 8 deletions(-)
culprit signature: 4ba4a051928bbae2922cb6f14c49015626d60c7de9f1efe452cdfb9340931358
parent signature: 399d63f37ef96ef7311d349a593a0ff4b7fb2ede0227796401182394c734f4d1
revisions tested: 17, total time: 4h25m4.012480477s (build: 1h41m53.7158914s, test: 2h41m51.763916787s)
first bad commit: 4426e945df588f2878affddf88a51259200f7e29 mm/gup: allow VM_FAULT_RETRY for multiple times
cc: ["akpm@linux-foundation.org" "bgeffon@google.com" "peterx@redhat.com" "torvalds@linux-foundation.org"]
crash: general protection fault in kernel_get_mempolicy
general protection fault, probably for non-canonical address 0xdffffc000010f5c1: 0000 [#1] PREEMPT SMP KASAN
KASAN: probably user-memory-access in range [0x000000000087ae08-0x000000000087ae0f]
CPU: 1 PID: 14194 Comm: syz-executor.0 Not tainted 5.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:page_to_nid include/linux/mm.h:1245 [inline]
RIP: 0010:lookup_node mm/mempolicy.c:877 [inline]
RIP: 0010:do_get_mempolicy mm/mempolicy.c:941 [inline]
RIP: 0010:kernel_get_mempolicy+0x4d1/0xf10 mm/mempolicy.c:1586
Code: cf 48 89 c1 e8 f0 f6 f3 ff 85 c0 0f 88 10 06 00 00 48 8b 94 24 88 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 d1 48 c1 e9 03 <80> 3c 01 00 0f 85 f6 08 00 00 48 8b 1a 48 83 fb ff 0f 84 bb 06 00
RSP: 0018:ffffc90003c3fdb8 EFLAGS: 00010203
RAX: dffffc0000000000 RBX: ffffc90003c3ff58 RCX: 000000000010f5c1
RDX: 000000000087ae0f RSI: dffffc0000000000 RDI: ffff8880a013a8d8
RBP: 1ffff92000787fbc R08: ffffed1014027431 R09: ffffed1014027431
R10: ffffed1014027430 R11: ffff8880a013a187 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff88c60ce0
FS: 00007f54e86e5700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000200000c0 CR3: 0000000099da2000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __do_sys_get_mempolicy mm/mempolicy.c:1604 [inline]
 __se_sys_get_mempolicy mm/mempolicy.c:1600 [inline]
 __x64_sys_get_mempolicy+0xb5/0x150 mm/mempolicy.c:1600
 do_syscall_64+0xc6/0x620 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x45c849
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f54e86e4c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000ef
RAX: ffffffffffffffda RBX: 00007f54e86e56d4 RCX: 000000000045c849
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 000000000076bf00 R08: 0000000000000003 R09: 0000000000000000
R10: 000000002073b000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000000eb R14: 00000000004c371a R15: 000000000076bf0c
Modules linked in:
---[ end trace 9a1b706444a34847 ]---
RIP: 0010:page_to_nid include/linux/mm.h:1245 [inline]
RIP: 0010:lookup_node mm/mempolicy.c:877 [inline]
RIP: 0010:do_get_mempolicy mm/mempolicy.c:941 [inline]
RIP: 0010:kernel_get_mempolicy+0x4d1/0xf10 mm/mempolicy.c:1586
Code: cf 48 89 c1 e8 f0 f6 f3 ff 85 c0 0f 88 10 06 00 00 48 8b 94 24 88 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 d1 48 c1 e9 03 <80> 3c 01 00 0f 85 f6 08 00 00 48 8b 1a 48 83 fb ff 0f 84 bb 06 00
RSP: 0018:ffffc90003c3fdb8 EFLAGS: 00010203
RAX: dffffc0000000000 RBX: ffffc90003c3ff58 RCX: 000000000010f5c1
RDX: 000000000087ae0f RSI: dffffc0000000000 RDI: ffff8880a013a8d8
RBP: 1ffff92000787fbc R08: ffffed1014027431 R09: ffffed1014027431
R10: ffffed1014027430 R11: ffff8880a013a187 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff88c60ce0
FS: 00007f54e86e5700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007efc3e84f000 CR3: 0000000099da2000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400