ci starts bisection 2022-08-29 23:42:05.727886242 +0000 UTC m=+38714.245449177
bisecting cause commit starting from b90cb1053190353cc30f0fef0ef1f378ccc063c5
building syzkaller on 5b44472de8e0d3937519a576f390ac9e4f3ac777
testing commit b90cb1053190353cc30f0fef0ef1f378ccc063c5
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 7d341fe2412b074b7411f84fb141984a3ec2f34b43b6b8e0a66b8cd323cd7972
all runs: crashed: general protection fault in binder_alloc_new_buf
testing release v5.19
testing commit 3d7cb6b04c3f3115719235cc6866b10326de34cd
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 00e912d6fab50901ba6d3031864efccf6b10a9ef09b2c3a12214726348d29acb
all runs: OK
# git bisect start b90cb1053190353cc30f0fef0ef1f378ccc063c5 3d7cb6b04c3f3115719235cc6866b10326de34cd
Bisecting: 7881 revisions left to test after this (roughly 13 steps)
[798cd57cd5f871452461746032cf6ee50b0fd69a] drm/amd/display: restore code for plane with no modifiers
testing commit 798cd57cd5f871452461746032cf6ee50b0fd69a
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 07a40c96ff69de9e815e6d3c35b728d5e75905e15f978c1ab851f65c034cd489
all runs: basic kernel testing failed: WARNING: ODEBUG bug in mgmt_index_removed
# git bisect skip 798cd57cd5f871452461746032cf6ee50b0fd69a
Bisecting: 7881 revisions left to test after this (roughly 13 steps)
[54c3e9493cd502d63ff3643fa70b5f98b3201846] drm/amd/display: Remove unused variables from dcn10_stream_encoder
testing commit 54c3e9493cd502d63ff3643fa70b5f98b3201846
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 8021d8a2bf07f7ae65aa481e8ac2ecfa4179597c09c2d7b846a0a1e45296a6a5
all runs: OK
# git bisect good 54c3e9493cd502d63ff3643fa70b5f98b3201846
Bisecting: 6963 revisions left to test after this (roughly 13 steps)
[78acd4ca433425e6dd4032cfc2156c60e34931f2] usb: cdns3: Don't use priv_dev uninitialized in cdns3_gadget_ep_enable()
testing commit 78acd4ca433425e6dd4032cfc2156c60e34931f2
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 8a19a84cea3db272f1a6e9a4d4e0acf92d6839d6e38344481a32a317951b1087
all runs: basic kernel testing failed: WARNING: ODEBUG bug in mgmt_index_removed
# git bisect skip 78acd4ca433425e6dd4032cfc2156c60e34931f2
Bisecting: 6963 revisions left to test after this (roughly 13 steps)
[9993a4f989c7ca5e227329b2878f65d05c9fc20f] virtio: Revert "virtio: find_vqs() add arg sizes"
testing commit 9993a4f989c7ca5e227329b2878f65d05c9fc20f
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ca8e49ca4f423a62799e5890db1e332791b4210df7086efe6f56118716a1e9ba
all runs: OK
# git bisect good 9993a4f989c7ca5e227329b2878f65d05c9fc20f
Bisecting: 391 revisions left to test after this (roughly 9 steps)
[16b3d851c0146123507fe864fdd97411ded51147] Merge tag 'perf-tools-fixes-for-v6.0-2022-08-19' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux
testing commit 16b3d851c0146123507fe864fdd97411ded51147
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f182bb547b51c9cb9acb3a02f120d352cea7116b3600fffd51ab4432e8178c06
all runs: OK
# git bisect good 16b3d851c0146123507fe864fdd97411ded51147
Bisecting: 195 revisions left to test after this (roughly 8 steps)
[4c612826bec1441214816827979b62f84a097e91] Merge tag 'net-6.0-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
testing commit 4c612826bec1441214816827979b62f84a097e91
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d43a4f128c2b5974cdf6d33fcb27bf386f31f49b05e81dff18923aeed3210c26
all runs: OK
# git bisect good 4c612826bec1441214816827979b62f84a097e91
Bisecting: 98 revisions left to test after this (roughly 7 steps)
[48648548ef764dcb1f6ffc9c9f9057f7c610caa4] perf stat: Capitalize topdown metrics' names
testing commit 48648548ef764dcb1f6ffc9c9f9057f7c610caa4
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: aa44f39f96b418b2b66597afc6dd06baa7a82dfdb368d90cd556ec93fe8f70eb
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 48648548ef764dcb1f6ffc9c9f9057f7c610caa4
Bisecting: 44 revisions left to test after this (roughly 6 steps)
[2f23a7c914317ac0b2a7e2bbe48dc00213652f98] Merge tag 'x86-urgent-2022-08-28' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit 2f23a7c914317ac0b2a7e2bbe48dc00213652f98
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9590ee5d72817b412cfb1c6123b19f24d80b9a8ffe4766ca787c9b5d6dce9c32
all runs: OK
# git bisect good 2f23a7c914317ac0b2a7e2bbe48dc00213652f98
Bisecting: 21 revisions left to test after this (roughly 5 steps)
[373eff576e580b6bbc1e709cd3ca0d100783431f] Merge tag 'bitmap-6.0-rc3' of github.com:/norov/linux
testing commit 373eff576e580b6bbc1e709cd3ca0d100783431f
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9c9d8959a01e1dcfe2ef994a51b9e378dc0634ae1fbb84d86bc8d7e819ec257b
all runs: OK
# git bisect good 373eff576e580b6bbc1e709cd3ca0d100783431f
Bisecting: 10 revisions left to test after this (roughly 4 steps)
[a5d2172180e8f94a8cfc7a7fa0243035629bf8d0] mm/zsmalloc: do not attempt to free IS_ERR handle
testing commit a5d2172180e8f94a8cfc7a7fa0243035629bf8d0
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c2f74f3ab8c4d9a014c48ae880b75941923d8db8e47725e9424e8f56a3ebe489
all runs: crashed: general protection fault in binder_alloc_new_buf
# git bisect bad a5d2172180e8f94a8cfc7a7fa0243035629bf8d0
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[9dfb3b8d655022760ca68af11821f1c63aa547c3] shmem: update folio if shmem_replace_page() updates the page
testing commit 9dfb3b8d655022760ca68af11821f1c63aa547c3
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: bd8e2bc024b3eceb7f1bde0aec8cf8d8db908e108eb2f30f77528f4a2599b877
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 9dfb3b8d655022760ca68af11821f1c63aa547c3
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[f09bddbd86619bf6213c96142a3b6b6a84818798] vmcoreinfo: add kallsyms_num_syms symbol
testing commit f09bddbd86619bf6213c96142a3b6b6a84818798
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 7e5be880d3a70b0a3ebd7c1465dfa414af12148db36bfb07e47a3dc76cb544a5
all runs: OK
# git bisect good f09bddbd86619bf6213c96142a3b6b6a84818798
Bisecting: 0 revisions left to test after this (roughly 1 step)
[44e602b4e52f70f04620bbbf4fe46ecb40170bde] binder_alloc: add missing mmap_lock calls when using the VMA
testing commit 44e602b4e52f70f04620bbbf4fe46ecb40170bde
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a36b36e38f180858071a8fb4e6e12f407110f7769a32a346a8dd64c23b33e146
all runs: crashed: general protection fault in binder_alloc_new_buf
# git bisect bad 44e602b4e52f70f04620bbbf4fe46ecb40170bde
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[fcab34b433e2c13e333b2f53c4a8409eadc432c7] mm: re-allow pinning of zero pfns (again)
testing commit fcab34b433e2c13e333b2f53c4a8409eadc432c7
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 7bdc324e3d3c5151eb02abe5744075e15014335ce1e1825160a132d1ac72526b
all runs: OK
# git bisect good fcab34b433e2c13e333b2f53c4a8409eadc432c7
44e602b4e52f70f04620bbbf4fe46ecb40170bde is the first bad commit
commit 44e602b4e52f70f04620bbbf4fe46ecb40170bde
Author: Liam Howlett
Date: Wed Aug 10 16:02:25 2022 +0000

    binder_alloc: add missing mmap_lock calls when using the VMA

    Take the mmap_read_lock() when using the VMA in binder_alloc_print_pages() and when checking for a VMA in binder_alloc_new_buf_locked().

    It is worth noting binder_alloc_new_buf_locked() drops the VMA read lock after it verifies a VMA exists, but may be taken again deeper in the call stack, if necessary.

    Link: https://lkml.kernel.org/r/20220810160209.1630707-1-Liam.Howlett@oracle.com
    Fixes: a43cfc87caaf (android: binder: stop saving a pointer to the VMA)
    Signed-off-by: Liam R. Howlett
    Reported-by: Ondrej Mosnacek
    Reported-by:
    Acked-by: Carlos Llamas
    Tested-by: Ondrej Mosnacek
    Cc: Minchan Kim
    Cc: Christian Brauner (Microsoft)
    Cc: Greg Kroah-Hartman
    Cc: Hridya Valsaraju
    Cc: Joel Fernandes
    Cc: Martijn Coenen
    Cc: Suren Baghdasaryan
    Cc: Todd Kjos
    Cc: Matthew Wilcox (Oracle)
    Cc: "Arve Hjønnevåg"
    Signed-off-by: Andrew Morton

 drivers/android/binder_alloc.c | 31 +++++++++++++++++++++----------
 1 file changed, 21 insertions(+), 10 deletions(-)

culprit signature: a36b36e38f180858071a8fb4e6e12f407110f7769a32a346a8dd64c23b33e146
parent signature: 7bdc324e3d3c5151eb02abe5744075e15014335ce1e1825160a132d1ac72526b
revisions tested: 16, total time: 4h13m17.533175882s (build: 1h53m45.729402944s, test: 2h17m42.114061667s)
first bad commit: 44e602b4e52f70f04620bbbf4fe46ecb40170bde binder_alloc: add missing mmap_lock calls when using the VMA
recipients (to): ["akpm@linux-foundation.org" "cmllamas@google.com" "liam.howlett@oracle.com" "omosnace@redhat.com"]
recipients (cc): []
crash: general protection fault in binder_alloc_new_buf
binder: 4097:4098 ioctl c0306201 20001480 returned -14
general protection fault, probably for non-canonical address 0xdffffc0000000025: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000012f]
CPU: 0 PID: 4098 Comm: syz-executor.0 Not tainted 6.0.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
RIP: 0010:__lock_acquire+0xdaa/0x5640 kernel/locking/lockdep.c:4923
Code: a9 0d 41 bf 01 00 00 00 0f 86 c8 00 00 00 89 05 cc 2e a9 0d e9 bd 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1 ea 03 <80> 3c 02 00 0f 85 7a 32 00 00 49 81 3e 60 64 56 8e 0f 84 25 f3 ff
RSP: 0018:ffffc9000489f278 EFLAGS: 00010002
RAX: dffffc0000000000 RBX: 1ffff92000913e7e RCX: 0000000000000001
RDX: 0000000000000025 RSI: 0000000000000000 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: fffffbfff19d55d2 R11: 0000000000000000 R12: 0000000000000000
R13: ffff8880244fd7c0 R14: 0000000000000128 R15: 0000000000000001
FS: 00007f9c24bd4700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000000243f1000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 lock_acquire kernel/locking/lockdep.c:5666 [inline]
 lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631
 down_read+0x98/0x450 kernel/locking/rwsem.c:1499
 mmap_read_lock include/linux/mmap_lock.h:117 [inline]
 binder_alloc_new_buf_locked drivers/android/binder_alloc.c:405 [inline]
 binder_alloc_new_buf+0x91/0x1a40 drivers/android/binder_alloc.c:593
 binder_transaction+0x10f0/0x8dc0 drivers/android/binder.c:3187
 binder_thread_write+0x733/0x2f40 drivers/android/binder.c:3963
 binder_ioctl_write_read drivers/android/binder.c:5024 [inline]
 binder_ioctl+0x2c59/0x5b80 drivers/android/binder.c:5311
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl fs/ioctl.c:856 [inline]
 __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f9c23a89279
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f9c24bd4168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f9c23b9bf80 RCX: 00007f9c23a89279
RDX: 0000000020000040 RSI: 00000000c0306201 RDI: 0000000000000004
RBP: 00007f9c23ae3189 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffca55c32f R14: 00007f9c24bd4300 R15: 0000000000022000
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__lock_acquire+0xdaa/0x5640 kernel/locking/lockdep.c:4923
Code: a9 0d 41 bf 01 00 00 00 0f 86 c8 00 00 00 89 05 cc 2e a9 0d e9 bd 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1 ea 03 <80> 3c 02 00 0f 85 7a 32 00 00 49 81 3e 60 64 56 8e 0f 84 25 f3 ff
RSP: 0018:ffffc9000489f278 EFLAGS: 00010002
RAX: dffffc0000000000 RBX: 1ffff92000913e7e RCX: 0000000000000001
RDX: 0000000000000025 RSI: 0000000000000000 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: fffffbfff19d55d2 R11: 0000000000000000 R12: 0000000000000000
R13: ffff8880244fd7c0 R14: 0000000000000128 R15: 0000000000000001
FS: 00007f9c24bd4700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000000243f1000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 1 bytes skipped:
   0: 0d 41 bf 01 00          or $0x1bf41,%eax
   5: 00 00                   add %al,(%rax)
   7: 0f 86 c8 00 00 00       jbe 0xd5
   d: 89 05 cc 2e a9 0d       mov %eax,0xda92ecc(%rip) # 0xda92edf
  13: e9 bd 00 00 00          jmpq 0xd5
  18: 48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
  1f: fc ff df
  22: 4c 89 f2                mov %r14,%rdx
  25: 48 c1 ea 03             shr $0x3,%rdx
* 29: 80 3c 02 00             cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction
  2d: 0f 85 7a 32 00 00       jne 0x32ad
  33: 49 81 3e 60 64 56 8e    cmpq $0xffffffff8e566460,(%r14)
  3a: 0f                      .byte 0xf
  3b: 84                      .byte 0x84
  3c: 25                      .byte 0x25
  3d: f3                      repz
  3e: ff                      .byte 0xff