ci starts bisection 2023-01-30 12:42:59.655295166 +0000 UTC m=+667893.601357224 bisecting cause commit starting from 80bd9028fecadae4e8e3a278cd32d74badc2a6e0 building syzkaller on 9dfcf09cf38eb123a007af28c5ee2562718893a0 ensuring issue is reproducible on original commit 80bd9028fecadae4e8e3a278cd32d74badc2a6e0 testing commit 80bd9028fecadae4e8e3a278cd32d74badc2a6e0 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 7dd6e5b60c0e2957d1169a587d5d58f5bebeedbf544b7f905080894b4c62ab7d run #0: crashed: kernel BUG in __tlb_remove_page_size run #1: crashed: BUG: corrupted list in ip6_dst_destroy run #2: crashed: BUG: Bad rss-counter state run #3: crashed: BUG: Bad rss-counter state run #4: crashed: kernel BUG in __tlb_remove_page_size run #5: crashed: BUG: Bad rss-counter state run #6: crashed: BUG: Bad rss-counter state run #7: crashed: BUG: Bad rss-counter state run #8: crashed: BUG: Bad rss-counter state run #9: crashed: BUG: Bad rss-counter state run #10: crashed: general protection fault in unlink_anon_vmas run #11: crashed: BUG: Bad rss-counter state run #12: crashed: general protection fault in vma_prepare run #13: crashed: BUG: corrupted list in icmp6_dst_alloc run #14: crashed: BUG: Bad rss-counter state run #15: crashed: BUG: Bad rss-counter state run #16: crashed: KASAN: null-ptr-deref Read in khugepaged_enter_vma run #17: crashed: BUG: Bad rss-counter state run #18: crashed: BUG: Bad rss-counter state run #19: crashed: BUG: Bad rss-counter state testing release v6.1 testing commit 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: e378b99a5e249cf9b773406e302dc83d13bc4f65f6356725765b7a7323f5a4c0 all runs: OK # git bisect start 80bd9028fecadae4e8e3a278cd32d74badc2a6e0 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 Bisecting: 12830 revisions left to test after this (roughly 14 steps) [3367934dd3035afa72ac79ae649f142a530df157] dt-bindings: drop redundant part of title (manual) testing commit 3367934dd3035afa72ac79ae649f142a530df157 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 6298dc71340dd248be597b000cf183bdbe3d2959d69e66ab8e8b71004b0d8d53 all runs: OK # git bisect good 3367934dd3035afa72ac79ae649f142a530df157 Bisecting: 6399 revisions left to test after this (roughly 13 steps) [69ddf25f5e79201904230e994b91b715cffeebc5] Merge branch 'docs-next' of git://git.lwn.net/linux.git testing commit 69ddf25f5e79201904230e994b91b715cffeebc5 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 24e8ef63ff4f1f2dae9d1488202f1314985c1d5686073ed2c8ddf7f7033974ce all runs: OK # git bisect good 69ddf25f5e79201904230e994b91b715cffeebc5 Bisecting: 3209 revisions left to test after this (roughly 12 steps) [60187a0b295205d95f639683b3c173c07f84cf57] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata.git testing commit 60187a0b295205d95f639683b3c173c07f84cf57 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 2ca0fd37a38147593e0ba87acf7f1da98ac389ac5246baab3df155b9b1942560 run #0: crashed: BUG: Bad rss-counter state run #1: crashed: kernel BUG in __tlb_remove_page_size run #2: crashed: BUG: Bad rss-counter state run #3: crashed: BUG: Bad rss-counter state run #4: crashed: BUG: Bad rss-counter state run #5: crashed: BUG: Bad rss-counter state run #6: crashed: BUG: corrupted list in icmp6_dst_alloc run #7: crashed: BUG: Bad rss-counter state run #8: crashed: general protection fault in release_pages run #9: crashed: general protection fault in unlink_anon_vmas # git bisect bad 60187a0b295205d95f639683b3c173c07f84cf57 Bisecting: 1819 revisions left to test after this (roughly 11 steps) [f160a0e64f0f80a82f797ea7aa007e41ba8ed441] Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git testing commit f160a0e64f0f80a82f797ea7aa007e41ba8ed441 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: a9e04f0fdca018be60c43e7aeef09a469d6d8564592ddaa4988e5e08726959a8 all runs: OK # git bisect good f160a0e64f0f80a82f797ea7aa007e41ba8ed441 Bisecting: 909 revisions left to test after this (roughly 10 steps) [cda6797b0018771cf240525b1b3d225d118e23fe] habanalabs: make set_dram_properties an ASIC function testing commit cda6797b0018771cf240525b1b3d225d118e23fe gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: c560a69b20e5bd8ddffb00ffa4892086f093a51734773fba8b265ca840fa7b13 all runs: OK # git bisect good cda6797b0018771cf240525b1b3d225d118e23fe Bisecting: 481 revisions left to test after this (roughly 9 steps) [bdb615a7d52ad63c5abc79c6f2e1fbbab0064cb7] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git testing commit bdb615a7d52ad63c5abc79c6f2e1fbbab0064cb7 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 723813d21573e7ea6e804b1728f5e5a798c404674bc3c2445861a1a02df76482 all runs: OK # git bisect good bdb615a7d52ad63c5abc79c6f2e1fbbab0064cb7 Bisecting: 260 revisions left to test after this (roughly 8 steps) [bbeb5ae698ec95247915b44db4bef096a40bb0a5] Merge branch 'modules-next' of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux.git testing commit bbeb5ae698ec95247915b44db4bef096a40bb0a5 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 2a7dec5b35e4a08faee313ded7761256073466755673df229b797081095a6b00 all runs: OK # git bisect good bbeb5ae698ec95247915b44db4bef096a40bb0a5 Bisecting: 127 revisions left to test after this (roughly 7 steps) [9fd123928ba0fda20a956ca8070ba53282213077] Merge branch 'for-6.3/iov-extract' into for-next testing commit 9fd123928ba0fda20a956ca8070ba53282213077 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 7da39e2fcf00a32f0813cb191bec1d3150c7221c8b0893b95550589b79589a2a run #0: crashed: BUG: Bad rss-counter state run #1: crashed: BUG: Bad rss-counter state run #2: crashed: kernel BUG in __tlb_remove_page_size run #3: crashed: kernel BUG in __tlb_remove_page_size run #4: crashed: BUG: Bad rss-counter state run #5: crashed: kernel BUG in __tlb_remove_page_size run #6: crashed: kernel BUG in __tlb_remove_page_size run #7: crashed: BUG: Bad rss-counter state run #8: crashed: BUG: Bad rss-counter state run #9: crashed: general protection fault in mmap_region # git bisect bad 9fd123928ba0fda20a956ca8070ba53282213077 Bisecting: 70 revisions left to test after this (roughly 6 steps) [4a6a7bc21d4726c5772e47525e6039852555b391] block: Default to use cgroup support for BFQ testing commit 4a6a7bc21d4726c5772e47525e6039852555b391 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 550b81237e8f0e72f9c13c2facab8cac93d68f6006498f06bef2a81a6e04b237 all runs: OK # git bisect good 4a6a7bc21d4726c5772e47525e6039852555b391 Bisecting: 35 revisions left to test after this (roughly 5 steps) [f499254474a83bf60191c86de82c1fec1d8eb9f9] io_uring: pass in io_issue_def to io_assign_file() testing commit f499254474a83bf60191c86de82c1fec1d8eb9f9 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 6060780909930087b3f958cecaca2dc3e841794951a3215ede33bc6494b3d252 all runs: OK # git bisect good f499254474a83bf60191c86de82c1fec1d8eb9f9 Bisecting: 22 revisions left to test after this (roughly 4 steps) [0ffae640ad83de46865c6b8dc3fda370823e4f1d] io_uring: always go async for unsupported open flags testing commit 0ffae640ad83de46865c6b8dc3fda370823e4f1d gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 0d8db3a1030030a2273a226a3f0d97c8b787ec69ae93ca895c1f7c95f2b66f61 all runs: OK # git bisect good 0ffae640ad83de46865c6b8dc3fda370823e4f1d Bisecting: 11 revisions left to test after this (roughly 4 steps) [6432b3e8237842262b6c72d75bd3992e1b025122] Merge branch 'for-6.3/io_uring' into for-next testing commit 6432b3e8237842262b6c72d75bd3992e1b025122 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 826e91fc790387b5caf4c542062a6416152631e07686c4db4f80975bcf2b3064 all runs: OK # git bisect good 6432b3e8237842262b6c72d75bd3992e1b025122 Bisecting: 5 revisions left to test after this (roughly 3 steps) [239a8cba3fa90144913e61efcc61ee62472603a7] block: Add BIO_PAGE_PINNED and associated infrastructure testing commit 239a8cba3fa90144913e61efcc61ee62472603a7 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 0a1760eb66a981dd0bdc05147c3d94f4715861a404b7c3e136be3069e403e4d3 all runs: OK # git bisect good 239a8cba3fa90144913e61efcc61ee62472603a7 Bisecting: 2 revisions left to test after this (roughly 2 steps) [e651bca4aa50e6a4d90411b6ec6d044a4853a757] Merge tag 'iov-extract-20230130' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs into for-6.3/iov-extract testing commit e651bca4aa50e6a4d90411b6ec6d044a4853a757 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: e728eaeb4c43c378c618769b211996cb911c67758de9dc1f8888c74358dcb893 run #0: crashed: kernel BUG in __tlb_remove_page_size run #1: crashed: kernel BUG in __tlb_remove_page_size run #2: crashed: BUG: Bad rss-counter state run #3: crashed: kernel BUG in __tlb_remove_page_size run #4: crashed: general protection fault in mmap_region run #5: crashed: kernel BUG in __tlb_remove_page_size run #6: crashed: BUG: Bad rss-counter state run #7: crashed: kernel BUG in __tlb_remove_page_size run #8: crashed: BUG: Bad rss-counter state run #9: crashed: KASAN: null-ptr-deref Read in khugepaged_enter_vma # git bisect bad e651bca4aa50e6a4d90411b6ec6d044a4853a757 Bisecting: 0 revisions left to test after this (roughly 1 step) [fd20d0c1852ebb3f37ec7101feb0cdd8695f32a5] block: convert bio_map_user_iov to use iov_iter_extract_pages testing commit fd20d0c1852ebb3f37ec7101feb0cdd8695f32a5 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 00f0b8f478865b58029380dc9f4e5166009e96aa85af06d1f2bb1b8251c8351d run #0: crashed: BUG: Bad rss-counter state run #1: crashed: kernel BUG in __tlb_remove_page_size run #2: crashed: BUG: Bad rss-counter state run #3: crashed: kernel BUG in __tlb_remove_page_size run #4: crashed: kernel BUG in __tlb_remove_page_size run #5: crashed: BUG: Bad rss-counter state run #6: crashed: kernel BUG in __tlb_remove_page_size run #7: crashed: BUG: Bad rss-counter state run #8: crashed: kernel BUG in __tlb_remove_page_size run #9: crashed: general protection fault in xfrm_lookup_with_ifid # git bisect bad fd20d0c1852ebb3f37ec7101feb0cdd8695f32a5 Bisecting: 0 revisions left to test after this (roughly 0 steps) [920756a3306a35f1c08f25207d375885bef98975] block: Convert bio_iov_iter_get_pages to use iov_iter_extract_pages testing commit 920756a3306a35f1c08f25207d375885bef98975 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 3961d77cf84f5790dd83201fafbefe79f060ae4268e0110a2d1d566826723192 run #0: crashed: kernel BUG in __tlb_remove_page_size run #1: crashed: kernel BUG in __tlb_remove_page_size run #2: crashed: BUG: Bad rss-counter state run #3: crashed: BUG: Bad rss-counter state run #4: crashed: BUG: Bad rss-counter state run #5: crashed: BUG: Bad rss-counter state run #6: crashed: BUG: Bad rss-counter state run #7: crashed: BUG: Bad rss-counter state run #8: crashed: kernel BUG in __tlb_remove_page_size run #9: crashed: BUG: Bad rss-counter state # git bisect bad 920756a3306a35f1c08f25207d375885bef98975 920756a3306a35f1c08f25207d375885bef98975 is the first bad commit commit 920756a3306a35f1c08f25207d375885bef98975 Author: David Howells Date: Sat Jan 21 13:51:18 2023 +0100 block: Convert bio_iov_iter_get_pages to use iov_iter_extract_pages This will pin pages or leave them unaltered rather than getting a ref on them as appropriate to the iterator. The pages need to be pinned for DIO rather than having refs taken on them to prevent VM copy-on-write from malfunctioning during a concurrent fork() (the result of the I/O could otherwise end up being affected by/visible to the child process). Signed-off-by: David Howells Reviewed-by: Christoph Hellwig Reviewed-by: John Hubbard cc: Al Viro cc: Jens Axboe cc: Jan Kara cc: Matthew Wilcox cc: Logan Gunthorpe cc: linux-block@vger.kernel.org block/bio.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) culprit signature: 3961d77cf84f5790dd83201fafbefe79f060ae4268e0110a2d1d566826723192 parent signature: 0a1760eb66a981dd0bdc05147c3d94f4715861a404b7c3e136be3069e403e4d3 revisions tested: 18, total time: 5h37m56.223657629s (build: 3h0m48.827381088s, test: 2h33m6.739890221s) first bad commit: 920756a3306a35f1c08f25207d375885bef98975 block: Convert bio_iov_iter_get_pages to use iov_iter_extract_pages recipients (to): ["dhowells@redhat.com" "hch@lst.de" "jhubbard@nvidia.com"] recipients (cc): [] crash: BUG: Bad rss-counter state BUG: Bad rss-counter state mm:ffff888026de0000 type:MM_ANONPAGES val:1 BUG: non-zero pgtables_bytes on freeing mm: 8192