bisecting cause commit starting from 1ab75b2e415a29dba9aec94f203c6f88dbfc0ba0 building syzkaller on ae13a849e613cd929bbcf98bec83e1bdb30a62b1 testing commit 1ab75b2e415a29dba9aec94f203c6f88dbfc0ba0 with gcc (GCC) 8.1.0 kernel signature: 20a503663524d7a9d80aac2ffe74238869323137 all runs: crashed: BUG: unable to handle kernel paging request in pcpu_alloc testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0 kernel signature: 9ef988fcb0a97e532490a7498c8e0fdaea3538cf all runs: OK # git bisect start 1ab75b2e415a29dba9aec94f203c6f88dbfc0ba0 219d54332a09e8d8741c1e1982f5eae56099de85 Bisecting: 7724 revisions left to test after this (roughly 13 steps) [8c39f71ee2019e77ee14f88b1321b2348db51820] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit 8c39f71ee2019e77ee14f88b1321b2348db51820 with gcc (GCC) 8.1.0 kernel signature: 8f460b8100e5c3dadd85e16584e5442029cd9c55 all runs: OK # git bisect good 8c39f71ee2019e77ee14f88b1321b2348db51820 Bisecting: 3860 revisions left to test after this (roughly 12 steps) [f350c137ddb9295b202d2290a0f5b7f848aa7240] Merge remote-tracking branch 'reset-fixes/reset/fixes' testing commit f350c137ddb9295b202d2290a0f5b7f848aa7240 with gcc (GCC) 8.1.0 kernel signature: 3de4f4bab5289043a570a3e21f4637933ebab97f all runs: crashed: BUG: unable to handle kernel paging request in pcpu_alloc # git bisect bad f350c137ddb9295b202d2290a0f5b7f848aa7240 Bisecting: 1930 revisions left to test after this (roughly 11 steps) [05bd375b6bdede3748023e130990c9b6214fd46a] Merge tag 'for-5.5/io_uring-post-20191128' of git://git.kernel.dk/linux-block testing commit 05bd375b6bdede3748023e130990c9b6214fd46a with gcc (GCC) 8.1.0 kernel signature: 5ada5ba88a9cc7cbf415c296c4279b33d43b882f all runs: OK # git bisect good 05bd375b6bdede3748023e130990c9b6214fd46a Bisecting: 957 revisions left to test after this (roughly 10 steps) [99a0d9f5e87352c4bd8d01bc9b39f7091c12e4d4] Merge tag 'gpio-v5.5-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio testing commit 99a0d9f5e87352c4bd8d01bc9b39f7091c12e4d4 with gcc (GCC) 8.1.0 kernel signature: 0e21bef040a53b3a1b86370e30ec6ae95a569b6f all runs: OK # git bisect good 99a0d9f5e87352c4bd8d01bc9b39f7091c12e4d4 Bisecting: 449 revisions left to test after this (roughly 9 steps) [596cf45cbf6e4fa7bcb0df33e373a7d062b644b5] Merge branch 'akpm' (patches from Andrew) testing commit 596cf45cbf6e4fa7bcb0df33e373a7d062b644b5 with gcc (GCC) 8.1.0 kernel signature: 6ff5620c5451a82400e951cf60134c5b9b38b63f all runs: crashed: BUG: unable to handle kernel paging request in pcpu_alloc # git bisect bad 596cf45cbf6e4fa7bcb0df33e373a7d062b644b5 Bisecting: 279 revisions left to test after this (roughly 8 steps) [d10032dd539c93dbff016f5667e5627c6c2a4467] Merge tag 'libnvdimm-for-5.5' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm testing commit d10032dd539c93dbff016f5667e5627c6c2a4467 with gcc (GCC) 8.1.0 kernel signature: ff87c10efa9f16b20ee45d32c7fe8e5516220211 all runs: OK # git bisect good d10032dd539c93dbff016f5667e5627c6c2a4467 Bisecting: 135 revisions left to test after this (roughly 7 steps) [c3bfc5dd73c6f519ff0636d4e709515f06edef78] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit c3bfc5dd73c6f519ff0636d4e709515f06edef78 with gcc (GCC) 8.1.0 kernel signature: e8288e38a6f29268ba44765590425b0c5e4a7359 all runs: OK # git bisect good c3bfc5dd73c6f519ff0636d4e709515f06edef78 Bisecting: 67 revisions left to test after this (roughly 6 steps) [746dd4012d215b53152f0001a48856e41ea31730] selftests: vm: add fragment CONFIG_TEST_VMALLOC testing commit 746dd4012d215b53152f0001a48856e41ea31730 with gcc (GCC) 8.1.0 kernel signature: 0370ff7acf9d185f477aa791f0cfc02dbb3a5a20 all runs: OK # git bisect good 746dd4012d215b53152f0001a48856e41ea31730 Bisecting: 33 revisions left to test after this (roughly 5 steps) [997cdcb068eb58d37f9f9b1d219368000066d272] powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h testing commit 997cdcb068eb58d37f9f9b1d219368000066d272 with gcc (GCC) 8.1.0 kernel signature: b889032e5438fdb122e0406ee689c47b4da9db2d all runs: crashed: BUG: unable to handle kernel paging request in pcpu_alloc # git bisect bad 997cdcb068eb58d37f9f9b1d219368000066d272 Bisecting: 16 revisions left to test after this (roughly 4 steps) [d2af339706be318dadcbe14c8935426ff401d7b1] mm: vmscan: replace shrink_node() loop with a retry jump testing commit d2af339706be318dadcbe14c8935426ff401d7b1 with gcc (GCC) 8.1.0 kernel signature: 6c23a58a3ddb7cd3fbf576cad3315ed8677c2593 all runs: crashed: BUG: unable to handle kernel paging request in pcpu_alloc # git bisect bad d2af339706be318dadcbe14c8935426ff401d7b1 Bisecting: 8 revisions left to test after this (roughly 3 steps) [68265390f9aa625e2ce94ed1bcff8906db702d79] mm, pcpu: make zone pcp updates and reset internal to the mm testing commit 68265390f9aa625e2ce94ed1bcff8906db702d79 with gcc (GCC) 8.1.0 kernel signature: 949568b7ad48db69602086abd5d84f6d41f2eff3 all runs: crashed: BUG: unable to handle kernel paging request in pcpu_alloc # git bisect bad 68265390f9aa625e2ce94ed1bcff8906db702d79 Bisecting: 3 revisions left to test after this (roughly 2 steps) [eafb149ed73a8bb8359c0ce027b98acd4e95b070] fork: support VMAP_STACK with KASAN_VMALLOC testing commit eafb149ed73a8bb8359c0ce027b98acd4e95b070 with gcc (GCC) 8.1.0 kernel signature: 0dc76f55d3e9bc057812b0695f32d26c34866758 all runs: OK # git bisect good eafb149ed73a8bb8359c0ce027b98acd4e95b070 Bisecting: 1 revision left to test after this (roughly 1 step) [5e27a2df03b8933aa7c1579816ecb6a071bb0e0d] mm/page_alloc: add alloc_contig_pages() testing commit 5e27a2df03b8933aa7c1579816ecb6a071bb0e0d with gcc (GCC) 8.1.0 kernel signature: d21c6f71c960e38b8ae221cd4d636a5601829c9b all runs: crashed: BUG: unable to handle kernel paging request in pcpu_alloc # git bisect bad 5e27a2df03b8933aa7c1579816ecb6a071bb0e0d Bisecting: 0 revisions left to test after this (roughly 0 steps) [0609ae011deb41c9629b7f5fd626dfa1ac9d16b0] x86/kasan: support KASAN_VMALLOC testing commit 0609ae011deb41c9629b7f5fd626dfa1ac9d16b0 with gcc (GCC) 8.1.0 kernel signature: 2ce66bf3f3b8da61eea01d0f5948243331c66f28 all runs: crashed: BUG: unable to handle kernel paging request in pcpu_alloc # git bisect bad 0609ae011deb41c9629b7f5fd626dfa1ac9d16b0 0609ae011deb41c9629b7f5fd626dfa1ac9d16b0 is the first bad commit commit 0609ae011deb41c9629b7f5fd626dfa1ac9d16b0 Author: Daniel Axtens Date: Sat Nov 30 17:55:00 2019 -0800 x86/kasan: support KASAN_VMALLOC In the case where KASAN directly allocates memory to back vmalloc space, don't map the early shadow page over it. We prepopulate pgds/p4ds for the range that would otherwise be empty. This is required to get it synced to hardware on boot, allowing the lower levels of the page tables to be filled dynamically. Link: http://lkml.kernel.org/r/20191031093909.9228-5-dja@axtens.net Signed-off-by: Daniel Axtens Acked-by: Dmitry Vyukov Reviewed-by: Andrey Ryabinin Cc: Alexander Potapenko Cc: Christophe Leroy Cc: Mark Rutland Cc: Vasily Gorbik Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/x86/Kconfig | 1 + arch/x86/mm/kasan_init_64.c | 61 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+) kernel signature: 2ce66bf3f3b8da61eea01d0f5948243331c66f28 previous signature: 0dc76f55d3e9bc057812b0695f32d26c34866758 revisions tested: 16, total time: 3h38m15.306375566s (build: 1h39m24.756107348s, test: 1h57m17.930061976s) first bad commit: 0609ae011deb41c9629b7f5fd626dfa1ac9d16b0 x86/kasan: support KASAN_VMALLOC cc: ["akpm@linux-foundation.org" "aryabinin@virtuozzo.com" "christophe.leroy@c-s.fr" "dja@axtens.net" "dvyukov@google.com" "glider@google.com" "gor@linux.ibm.com" "mark.rutland@arm.com" "torvalds@linux-foundation.org"] crash: BUG: unable to handle kernel paging request in pcpu_alloc BUG: unable to handle page fault for address: fffff91fffec1000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 21ffe6067 P4D 21ffe6067 PUD aa56b067 PMD aa56c067 PTE 0 Oops: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 8064 Comm: syz-executor.3 Not tainted 5.4.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:memory_is_nonzero mm/kasan/generic.c:121 [inline] RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:135 [inline] RIP: 0010:memory_is_poisoned mm/kasan/generic.c:166 [inline] RIP: 0010:check_memory_region_inline mm/kasan/generic.c:182 [inline] RIP: 0010:check_memory_region+0x83/0x1d0 mm/kasan/generic.c:192 Code: 83 fb 10 0f 8e a9 00 00 00 45 89 c8 41 83 e0 07 75 66 4c 8d 43 07 48 85 db 4c 0f 49 c3 49 c1 f8 03 45 85 c0 0f 84 3f 01 00 00 <48> 83 38 00 75 1c 41 83 e8 01 4e 8d 44 c0 08 48 83 c0 08 49 39 c0 RSP: 0018:ffffc90002fe7968 EFLAGS: 00010206 RAX: fffff91fffec1000 RBX: 0000000000001000 RCX: ffffffff818d210f RDX: 0000000000000001 RSI: 0000000000008000 RDI: ffffe8ffff608000 RBP: ffffc90002fe7980 R08: 0000000000000200 R09: fffff91fffec1000 R10: fffff91fffec1fff R11: ffffe8ffff60ffff R12: fffff91fffec2000 R13: 0000000000000000 R14: fffffbfff1359c00 R15: 0000000000000000 FS: 00007f4fab398700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: fffff91fffec1000 CR3: 00000000900cf000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: memset+0x23/0x40 mm/kasan/common.c:107 memset include/linux/string.h:365 [inline] pcpu_alloc+0x47f/0xed0 mm/percpu.c:1734 __alloc_percpu_gfp+0xd/0x10 mm/percpu.c:1783 bpf_array_alloc_percpu kernel/bpf/arraymap.c:35 [inline] array_map_alloc+0x557/0x680 kernel/bpf/arraymap.c:159 find_and_alloc_map kernel/bpf/syscall.c:123 [inline] map_create kernel/bpf/syscall.c:654 [inline] __do_sys_bpf+0x339/0x35c0 kernel/bpf/syscall.c:3012 __se_sys_bpf kernel/bpf/syscall.c:2989 [inline] __x64_sys_bpf+0x6e/0xb0 kernel/bpf/syscall.c:2989 do_syscall_64+0xca/0x5f0 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45a679 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f4fab397c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007f4fab397c90 RCX: 000000000045a679 RDX: 000000000000003c RSI: 0000000020000080 RDI: 0c00000000000000 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4fab3986d4 R13: 00000000004c0c65 R14: 00000000004d4730 R15: 0000000000000003 Modules linked in: CR2: fffff91fffec1000 ---[ end trace 83a8f22c6452e17f ]--- RIP: 0010:memory_is_nonzero mm/kasan/generic.c:121 [inline] RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:135 [inline] RIP: 0010:memory_is_poisoned mm/kasan/generic.c:166 [inline] RIP: 0010:check_memory_region_inline mm/kasan/generic.c:182 [inline] RIP: 0010:check_memory_region+0x83/0x1d0 mm/kasan/generic.c:192 Code: 83 fb 10 0f 8e a9 00 00 00 45 89 c8 41 83 e0 07 75 66 4c 8d 43 07 48 85 db 4c 0f 49 c3 49 c1 f8 03 45 85 c0 0f 84 3f 01 00 00 <48> 83 38 00 75 1c 41 83 e8 01 4e 8d 44 c0 08 48 83 c0 08 49 39 c0 RSP: 0018:ffffc90002fe7968 EFLAGS: 00010206 RAX: fffff91fffec1000 RBX: 0000000000001000 RCX: ffffffff818d210f RDX: 0000000000000001 RSI: 0000000000008000 RDI: ffffe8ffff608000 RBP: ffffc90002fe7980 R08: 0000000000000200 R09: fffff91fffec1000 R10: fffff91fffec1fff R11: ffffe8ffff60ffff R12: fffff91fffec2000 R13: 0000000000000000 R14: fffffbfff1359c00 R15: 0000000000000000 FS: 00007f4fab398700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: fffff91fffec1000 CR3: 00000000900cf000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400