bisecting cause commit starting from a804ab086e9de200e2e70600996db7fc14c91959 building syzkaller on 1880b4a9f394370a7d1fcb5c1cfca0fa1127b463 testing commit a804ab086e9de200e2e70600996db7fc14c91959 with gcc (GCC) 8.1.0 kernel signature: 701a64e224cdea5a8b77db527bd4d00f1a1e8b9bf78e7f09b0eeff4308a2bb9d all runs: crashed: WARNING in pin_user_pages_locked testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0 kernel signature: 9d74afbe34763dbc945a3037ee3159733c20d0fc9ee746b1d5c5f64e0ab3349d all runs: OK # git bisect start a804ab086e9de200e2e70600996db7fc14c91959 bcf876870b95592b52519ed4aafcf9d95999bc9c Bisecting: 14870 revisions left to test after this (roughly 14 steps) [1796164fac7e348f74a0f1f1cae995b22d002315] dt-bindings: mmc: document alias support testing commit 1796164fac7e348f74a0f1f1cae995b22d002315 with gcc (GCC) 8.1.0 kernel signature: 7725938118b7280408167246f3e731dce8cabc10f9206acf4833405cffe9d01c all runs: OK # git bisect good 1796164fac7e348f74a0f1f1cae995b22d002315 Bisecting: 6914 revisions left to test after this (roughly 13 steps) [ccbc56a7fe933f6bd031919ffeb6d2d7427c0a8d] Merge remote-tracking branch 'net-next/master' into master testing commit ccbc56a7fe933f6bd031919ffeb6d2d7427c0a8d with gcc (GCC) 8.1.0 kernel signature: c97758271a3ff768b72821b3b0a3d8d1a593989c56d34688538fe286b955441e all runs: OK # git bisect good ccbc56a7fe933f6bd031919ffeb6d2d7427c0a8d Bisecting: 3586 revisions left to test after this (roughly 12 steps) [bf761c46cba15c9d725ee04050a54f721176a699] Merge remote-tracking branch 'spi/for-next' into master testing commit bf761c46cba15c9d725ee04050a54f721176a699 with gcc (GCC) 8.1.0 kernel signature: fbe6836f3322ed529b84526dddc237a974f50b3ae0c6ae15c99dfc198fd4874b all runs: OK # git bisect good bf761c46cba15c9d725ee04050a54f721176a699 Bisecting: 1648 revisions left to test after this (roughly 11 steps) [13d0e9f21562c9c13af8b4995647891871192af8] Merge remote-tracking branch 'char-misc/char-misc-next' into master testing commit 13d0e9f21562c9c13af8b4995647891871192af8 with gcc (GCC) 8.1.0 kernel signature: 0611efae8273ad50c6576e97d57b3d300a0a527976b617b7e7842f94b89e4f33 all runs: OK # git bisect good 13d0e9f21562c9c13af8b4995647891871192af8 Bisecting: 827 revisions left to test after this (roughly 10 steps) [7d9d176c4480ac390961e4a7af9384eb41a98d5a] Merge remote-tracking branch 'vhost/linux-next' into master testing commit 7d9d176c4480ac390961e4a7af9384eb41a98d5a with gcc (GCC) 8.1.0 kernel signature: d98afcb8e6a8b116b93449e6a07d33824f5906a03d786048722f871b64f3420a all runs: OK # git bisect good 7d9d176c4480ac390961e4a7af9384eb41a98d5a Bisecting: 432 revisions left to test after this (roughly 9 steps) [05be379ca95b0b5bfce9b4d55ff4b32b83acb1df] Merge remote-tracking branch 'memblock/for-next' into master testing commit 05be379ca95b0b5bfce9b4d55ff4b32b83acb1df with gcc (GCC) 8.1.0 kernel signature: befea273a0b2058ce8a99bb9dd20a0226a1da44daeaffa776aed0ed5f54dbfc1 all runs: OK # git bisect good 05be379ca95b0b5bfce9b4d55ff4b32b83acb1df Bisecting: 216 revisions left to test after this (roughly 8 steps) [7e26752b632d03aa96bb31408c3ade46dd516444] arch, mm: replace for_each_memblock() with for_each_mem_pfn_range() testing commit 7e26752b632d03aa96bb31408c3ade46dd516444 with gcc (GCC) 8.1.0 kernel signature: ea2fc0ec8bd105e0f149fb8ebc042b3b0406de437a27c226beb24774587b25a6 all runs: crashed: WARNING in pin_user_pages_locked # git bisect bad 7e26752b632d03aa96bb31408c3ade46dd516444 Bisecting: 107 revisions left to test after this (roughly 7 steps) [6d46b39a38fc38663770dbf724357665a8a7c760] mm/page_io.c: remove useless out label in __swap_writepage() testing commit 6d46b39a38fc38663770dbf724357665a8a7c760 with gcc (GCC) 8.1.0 kernel signature: d133afdefe8f56aea4564fe2b979fd6d21fdf89e146b1c44573b5cc91f364329 all runs: crashed: WARNING in pin_user_pages_locked # git bisect bad 6d46b39a38fc38663770dbf724357665a8a7c760 Bisecting: 53 revisions left to test after this (roughly 6 steps) [0a4967c69f31b1eb6abb98f4a600762547006a50] drivers/base: make device_find_child_by_name() compatible with sysfs inputs testing commit 0a4967c69f31b1eb6abb98f4a600762547006a50 with gcc (GCC) 8.1.0 kernel signature: 7f182670e948b4a860681a17ce151a03a965a326860dcf79e922e383d7126e23 all runs: OK # git bisect good 0a4967c69f31b1eb6abb98f4a600762547006a50 Bisecting: 26 revisions left to test after this (roughly 5 steps) [4bb8eb5ca5d07f4b1f095a28c35a3328cabc3093] mm/debug_vm_pgtable: avoid none pte in pte_clear_test testing commit 4bb8eb5ca5d07f4b1f095a28c35a3328cabc3093 with gcc (GCC) 8.1.0 kernel signature: b6c5e44dd12a59f6f0a17b63e310f93aee2ecb52494ae05115b08bfc213a6d2f all runs: OK # git bisect good 4bb8eb5ca5d07f4b1f095a28c35a3328cabc3093 Bisecting: 13 revisions left to test after this (roughly 4 steps) [a30e6842ca030101ef86555683c03c5af6fee22b] mm/filemap: fix filemap_map_pages for THP testing commit a30e6842ca030101ef86555683c03c5af6fee22b with gcc (GCC) 8.1.0 kernel signature: a86cffc5b360837bb2a22f82b11f16068b1b07c476670592d15eb91c25dd19bf all runs: OK # git bisect good a30e6842ca030101ef86555683c03c5af6fee22b Bisecting: 6 revisions left to test after this (roughly 3 steps) [2bb5dc0327a167c2a2185f2c7e20116ecea891bd] mm/frame-vec: drop gup_flags from get_vaddr_frames() testing commit 2bb5dc0327a167c2a2185f2c7e20116ecea891bd with gcc (GCC) 8.1.0 kernel signature: cd1955bcad757bf28d2a6b9f7ef232b38c7d12d391ea3bcbdc06c46181937ba2 all runs: OK # git bisect good 2bb5dc0327a167c2a2185f2c7e20116ecea891bd Bisecting: 3 revisions left to test after this (roughly 2 steps) [e340d48d407251609d61583ca26f91ddc666e651] mm: remove activate_page() from unuse_pte() testing commit e340d48d407251609d61583ca26f91ddc666e651 with gcc (GCC) 8.1.0 kernel signature: 46b653931b978a11c28bd59a3eaac7a6a0b00a894c85e61abcb9b48c28326b08 run #0: crashed: WARNING in pin_user_pages_locked run #1: crashed: WARNING in pin_user_pages_locked run #2: crashed: WARNING in pin_user_pages_locked run #3: crashed: WARNING in corrupted run #4: crashed: WARNING in pin_user_pages_locked run #5: crashed: WARNING in pin_user_pages_locked run #6: crashed: WARNING in pin_user_pages_locked run #7: crashed: WARNING in pin_user_pages_locked run #8: crashed: WARNING in pin_user_pages_locked run #9: crashed: WARNING in pin_user_pages_locked # git bisect bad e340d48d407251609d61583ca26f91ddc666e651 Bisecting: 0 revisions left to test after this (roughly 1 step) [7bc65dd90de5d65d00e8c5f0daade4b5cb20bda1] swap: rename SWP_FS to SWAP_FS_OPS to avoid ambiguity testing commit 7bc65dd90de5d65d00e8c5f0daade4b5cb20bda1 with gcc (GCC) 8.1.0 kernel signature: 3548001b59ced20d45dbf7bc048d04164a346bb7cf509021133f0475c4239cc8 all runs: crashed: WARNING in pin_user_pages_locked # git bisect bad 7bc65dd90de5d65d00e8c5f0daade4b5cb20bda1 Bisecting: 0 revisions left to test after this (roughly 0 steps) [d53807afc288c71eb9374f102d49cc01f6b6c760] mm/frame-vec: use FOLL_LONGTERM testing commit d53807afc288c71eb9374f102d49cc01f6b6c760 with gcc (GCC) 8.1.0 kernel signature: 210594157e43d0b02e5291094fa792ac2828564b208841d3a75e8a4f26bb5d9f all runs: crashed: WARNING in pin_user_pages_locked # git bisect bad d53807afc288c71eb9374f102d49cc01f6b6c760 d53807afc288c71eb9374f102d49cc01f6b6c760 is the first bad commit commit d53807afc288c71eb9374f102d49cc01f6b6c760 Author: Daniel Vetter Date: Sat Oct 3 18:01:38 2020 +1000 mm/frame-vec: use FOLL_LONGTERM For $reasons I've stumbled over this code and I'm not sure the change to the new gup functions in 55a650c35fea ("mm/gup: frame_vector: convert get_user_pages() --> pin_user_pages()") was entirely correct. This here is used for long term buffers (not just quick I/O) like RDMA, and John notes this in his patch. But I thought the rule for these is that they need to add FOLL_LONGTERM, which John's patch didn't do. There is already a dax specific check (added in b7f0554a56f2 ("mm: fail get_vaddr_frames() for filesystem-dax mappings")), so this seems like the prudent thing to do. Link: https://lkml.kernel.org/r/20201002175303.390363-2-daniel.vetter@ffwll.ch Signed-off-by: Daniel Vetter Cc: John Hubbard Cc: Jérôme Glisse Cc: Jan Kara Cc: Dan Williams Cc: Jason Gunthorpe Cc: Greg Kroah-Hartman Cc: Inki Dae Cc: Joonyoung Shim Cc: Krzysztof Kozlowski Cc: Kukjin Kim Cc: Kyungmin Park Cc: Marek Szyprowski Cc: Oded Gabbay Cc: Omer Shpigelman Cc: Pawel Osciak Cc: Pawel Piskorski Cc: Seung-Woo Kim Cc: Tomasz Figa Cc: Tomer Tayar Signed-off-by: Andrew Morton Signed-off-by: Stephen Rothwell mm/frame_vector.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) culprit signature: 210594157e43d0b02e5291094fa792ac2828564b208841d3a75e8a4f26bb5d9f parent signature: cd1955bcad757bf28d2a6b9f7ef232b38c7d12d391ea3bcbdc06c46181937ba2 revisions tested: 17, total time: 3h37m19.486214691s (build: 1h28m50.885676129s, test: 2h6m6.27004875s) first bad commit: d53807afc288c71eb9374f102d49cc01f6b6c760 mm/frame-vec: use FOLL_LONGTERM recipients (to): ["akpm@linux-foundation.org" "daniel.vetter@ffwll.ch" "daniel.vetter@intel.com" "sfr@canb.auug.org.au"] recipients (cc): [] crash: WARNING in pin_user_pages_locked ------------[ cut here ]------------ WARNING: CPU: 0 PID: 8344 at mm/gup.c:2987 __get_user_pages_locked mm/gup.c:1362 [inline] WARNING: CPU: 0 PID: 8344 at mm/gup.c:2987 pin_user_pages_locked+0x205/0x290 mm/gup.c:2995 Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 8344 Comm: syz-executor.0 Not tainted 5.9.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xa3/0xcc lib/dump_stack.c:118 panic+0x16e/0x353 kernel/panic.c:231 __warn.cold.13+0x20/0x2c kernel/panic.c:600 report_bug+0xc0/0xf0 lib/bug.c:198 handle_bug+0x35/0x90 arch/x86/kernel/traps.c:234 exc_invalid_op+0x13/0x60 arch/x86/kernel/traps.c:254 asm_exc_invalid_op+0x12/0x20 arch/x86/include/asm/idtentry.h:536 RIP: 0010:pin_user_pages_locked+0x205/0x290 mm/gup.c:2987 Code: 48 83 6c 24 10 01 0f 84 6a ff ff ff 49 8d 44 24 08 4d 85 e4 41 bf 01 00 00 00 4c 0f 45 e0 48 81 c5 00 10 00 00 e9 7b fe ff ff <0f> 0b 48 c7 44 24 08 ea ff ff ff e9 ff fe ff ff 0f 0b 48 c7 44 24 RSP: 0018:ffffc90002ed79e0 EFLAGS: 00010206 RAX: ffff888121bd4200 RBX: 0000000000000110 RCX: ffff88810e687010 RDX: 0000000000010011 RSI: 0000000000000110 RDI: 0000000000400000 RBP: ffff88810e687010 R08: ffffc90002ed7a54 R09: 0000000000000000 R10: ffff88810e95a6c0 R11: 661f3712cd703f28 R12: ffff88810e687000 R13: 0000000000400040 R14: ffff8881203d6640 R15: 0000000000400000 get_vaddr_frames+0x22a/0x260 mm/frame_vector.c:75 vb2_create_framevec+0x48/0x90 drivers/media/common/videobuf2/videobuf2-memops.c:50 vb2_vmalloc_get_userptr+0x49/0x14e drivers/media/common/videobuf2/videobuf2-vmalloc.c:90 __prepare_userptr+0xeb/0x920 drivers/media/common/videobuf2/videobuf2-core.c:1117 __buf_prepare+0x16e/0x1c0 drivers/media/common/videobuf2/videobuf2-core.c:1356 vb2_core_qbuf+0x334/0x590 drivers/media/common/videobuf2/videobuf2-core.c:1647 vb2_qbuf+0x69/0xa0 drivers/media/common/videobuf2/videobuf2-v4l2.c:825 __video_do_ioctl+0x1ce/0x570 drivers/media/v4l2-core/v4l2-ioctl.c:2990 video_usercopy+0x120/0x650 drivers/media/v4l2-core/v4l2-ioctl.c:3306 v4l2_ioctl+0x5c/0x80 drivers/media/v4l2-core/v4l2-dev.c:360 vfs_ioctl fs/ioctl.c:48 [inline] __do_sys_ioctl fs/ioctl.c:753 [inline] __se_sys_ioctl fs/ioctl.c:739 [inline] __x64_sys_ioctl+0x7c/0xb0 fs/ioctl.c:739 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x45de29 Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fa1e26d2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 000000000001c640 RCX: 000000000045de29 RDX: 0000000020000140 RSI: 00000000c058560f RDI: 0000000000000003 RBP: 000000000118bf60 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bf2c R13: 00007ffe1d786fff R14: 00007fa1e26d39c0 R15: 000000000118bf2c Kernel Offset: disabled Rebooting in 86400 seconds..