bisecting cause commit starting from 763dede1b24886d327bfaed7cf59ee3c01c7913e
building syzkaller on db9bcd4b9fd510dc1b4b2b2021180c8432844b9b
testing commit 763dede1b24886d327bfaed7cf59ee3c01c7913e with gcc (GCC) 8.1.0
kernel signature: f2b728f2c09d52be5ee0ab5dd65dc585d89525449297438774fd3c624b489a49
run #0: crashed: general protection fault in get_futex_key
run #1: crashed: general protection fault in get_futex_key
run #2: crashed: general protection fault in get_futex_key
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0
kernel signature: fc979f52aa75fc8e00ca3d558fd21e127e6d5fd9d0bf5c69904a3ddcefd2d051
all runs: OK
# git bisect start 763dede1b24886d327bfaed7cf59ee3c01c7913e 7111951b8d4973bda27ff663f2cf18b663d15b48
Bisecting: 5767 revisions left to test after this (roughly 13 steps)
[72f35423e8a6a2451c202f52cb8adb92b08592ec] Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
testing commit 72f35423e8a6a2451c202f52cb8adb92b08592ec with gcc (GCC) 8.1.0
kernel signature: 100ee76f05aaa4726a6c93d8d25019ddb59ce80cca2a92a9d55354e2e6733a45
all runs: OK
# git bisect good 72f35423e8a6a2451c202f52cb8adb92b08592ec
Bisecting: 2681 revisions left to test after this (roughly 12 steps)
[848960e576dafc8ed54c691b2f70b92e1fdea9ba] Merge tag 'sound-5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
testing commit 848960e576dafc8ed54c691b2f70b92e1fdea9ba with gcc (GCC) 8.1.0
kernel signature: e27395510b84a3d4f0c717216b889d3f2e5ca845382ba07dba2b6ffd33c64355
run #0: crashed: general protection fault in get_futex_key
run #1: crashed: general protection fault in get_futex_key
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 848960e576dafc8ed54c691b2f70b92e1fdea9ba
Bisecting: 1539 revisions left to test after this (roughly 11 steps)
[700d6ab987f3b5e28b13b5993e5a9a975c5604e2] Merge tag 'drm-intel-next-fixes-2020-03-27' of git://anongit.freedesktop.org/drm/drm-intel into drm-next
testing commit 700d6ab987f3b5e28b13b5993e5a9a975c5604e2 with gcc (GCC) 8.1.0
kernel signature: cc57792ff1f84935a84b74a76c617cb5970bb1c44b0d3f461de5c118e7fbdeb5
all runs: OK
# git bisect good 700d6ab987f3b5e28b13b5993e5a9a975c5604e2
Bisecting: 853 revisions left to test after this (roughly 10 steps)
[f14a9532ee30c68a56ff502c382860f674cc180c] Merge tag 'x86-urgent-2020-04-02' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit f14a9532ee30c68a56ff502c382860f674cc180c with gcc (GCC) 8.1.0
kernel signature: a968ab1685ac8710b13703e54a3fd65edf82700fb889abd7b759d8a22e1b6409
run #0: crashed: general protection fault in get_futex_key
run #1: crashed: general protection fault in get_futex_key
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: crashed: general protection fault in get_futex_key
run #9: OK
# git bisect bad f14a9532ee30c68a56ff502c382860f674cc180c
Bisecting: 347 revisions left to test after this (roughly 9 steps)
[d987ca1c6b7e22fbd30664111e85cec7aa66000d] Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
testing commit d987ca1c6b7e22fbd30664111e85cec7aa66000d with gcc (GCC) 8.1.0
kernel signature: 46185edcd34cd8b177914bb1ec57b72f537bbbe93ac5d1ffbd912ff51cd04d3f
all runs: OK
# git bisect good d987ca1c6b7e22fbd30664111e85cec7aa66000d
Bisecting: 163 revisions left to test after this (roughly 8 steps)
[7be97138e7276c71cc9ad1752dcb502d28f4400d] Merge tag 'xfs-5.7-merge-8' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
testing commit 7be97138e7276c71cc9ad1752dcb502d28f4400d with gcc (GCC) 8.1.0
kernel signature: ed863c670ed3ff38f36994dd4c2a888474230141dda8993bedde4d01bbe844cf
all runs: OK
# git bisect good 7be97138e7276c71cc9ad1752dcb502d28f4400d
Bisecting: 81 revisions left to test after this (roughly 6 steps)
[b44437723cbcb5acd64ed25a4938b95fbb9bfccb] mm/vma: move VM_NO_KHUGEPAGED into generic header
testing commit b44437723cbcb5acd64ed25a4938b95fbb9bfccb with gcc (GCC) 8.1.0
kernel signature: 59de66b0502fa63edb2c4b9720d2e54904a2b6ac15980401bd50669f58fc42fb
all runs: OK
# git bisect good b44437723cbcb5acd64ed25a4938b95fbb9bfccb
Bisecting: 40 revisions left to test after this (roughly 5 steps)
[5644e1fbbfe15ad06785502bbfe5751223e5841d] mm/vmscan.c: fix data races using kswapd_classzone_idx
testing commit 5644e1fbbfe15ad06785502bbfe5751223e5841d with gcc (GCC) 8.1.0
kernel signature: 7e98066e150791379fe58b9eb16a766476d84702de42886843cf377f7cf0bd90
run #0: crashed: general protection fault in get_futex_key
run #1: crashed: general protection fault in get_futex_key
run #2: crashed: general protection fault in get_futex_key
run #3: crashed: general protection fault in get_futex_key
run #4: crashed: general protection fault in get_futex_key
run #5: crashed: general protection fault in get_futex_key
run #6: crashed: general protection fault in get_futex_key
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 5644e1fbbfe15ad06785502bbfe5751223e5841d
Bisecting: 20 revisions left to test after this (roughly 4 steps)
[86a76331d94c4cfa72fe1831dbe4b492f66fdb81] mm: clarify a confusing comment for remap_pfn_range()
testing commit 86a76331d94c4cfa72fe1831dbe4b492f66fdb81 with gcc (GCC) 8.1.0
kernel signature: c282ec2a6e8307533f78f16c019a42354ed8c8f3f489084213689c45d9af16ed
run #0: crashed: general protection fault in get_futex_key
run #1: crashed: general protection fault in get_futex_key
run #2: crashed: general protection fault in get_futex_key
run #3: crashed: general protection fault in get_futex_key
run #4: crashed: general protection fault in get_futex_key
run #5: crashed: general protection fault in get_futex_key
run #6: crashed: general protection fault in get_futex_key
run #7: crashed: general protection fault in get_futex_key
run #8: OK
run #9: OK
# git bisect bad 86a76331d94c4cfa72fe1831dbe4b492f66fdb81
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[c9a0dad162014182867f81b28bb7a4b691d65595] powerpc/mm: use helper fault_signal_pending()
testing commit c9a0dad162014182867f81b28bb7a4b691d65595 with gcc (GCC) 8.1.0
kernel signature: 346dc935fa3ab9b30d026f4fe2452c785455c34e1cf03f11acbb02cc5a34ed29
all runs: OK
# git bisect good c9a0dad162014182867f81b28bb7a4b691d65595
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[c270a7eedcf278304e05ebd2c96807487c97db61] mm: introduce FAULT_FLAG_INTERRUPTIBLE
testing commit c270a7eedcf278304e05ebd2c96807487c97db61 with gcc (GCC) 8.1.0
kernel signature: da9dcfc8e8bd1a62a2ec8a1d47dbc09c69953ac6e8e5690d3c6155b40510830c
all runs: OK
# git bisect good c270a7eedcf278304e05ebd2c96807487c97db61
Bisecting: 2 revisions left to test after this (roughly 1 step)
[4426e945df588f2878affddf88a51259200f7e29] mm/gup: allow VM_FAULT_RETRY for multiple times
testing commit 4426e945df588f2878affddf88a51259200f7e29 with gcc (GCC) 8.1.0
kernel signature: fbe551806e933106fb489577a35d14343cc029edafe6df059d5ffaf6c3a20e88
run #0: crashed: general protection fault in get_futex_key
run #1: crashed: general protection fault in get_futex_key
run #2: crashed: general protection fault in get_futex_key
run #3: crashed: general protection fault in get_futex_key
run #4: crashed: general protection fault in get_futex_key
run #5: crashed: general protection fault in get_futex_key
run #6: crashed: general protection fault in get_futex_key
run #7: OK
run #8: crashed: general protection fault in get_futex_key
run #9: OK
# git bisect bad 4426e945df588f2878affddf88a51259200f7e29
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[4064b982706375025628094e51d11cf1a958a5d3] mm: allow VM_FAULT_RETRY for multiple times
testing commit 4064b982706375025628094e51d11cf1a958a5d3 with gcc (GCC) 8.1.0
kernel signature: 1055be148cdcc8aec5b7806cbd945d1beb76eced46fb6cc010966bcd98f949e7
all runs: OK
# git bisect good 4064b982706375025628094e51d11cf1a958a5d3
4426e945df588f2878affddf88a51259200f7e29 is the first bad commit
commit 4426e945df588f2878affddf88a51259200f7e29
Author: Peter Xu
Date: Wed Apr 1 21:08:49 2020 -0700

    mm/gup: allow VM_FAULT_RETRY for multiple times

    This is the gup counterpart of the change that allows the VM_FAULT_RETRY to happen for more than once. One thing to mention is that we must check the fatal signal here before retry because the GUP can be interrupted by that, otherwise we can loop forever.

    Signed-off-by: Peter Xu
    Signed-off-by: Andrew Morton
    Tested-by: Brian Geffon
    Cc: Andrea Arcangeli
    Cc: Bobby Powers
    Cc: David Hildenbrand
    Cc: Denis Plotnikov
    Cc: "Dr . David Alan Gilbert"
    Cc: Hugh Dickins
    Cc: Jerome Glisse
    Cc: Johannes Weiner
    Cc: "Kirill A . Shutemov"
    Cc: Martin Cracauer
    Cc: Marty McFadden
    Cc: Matthew Wilcox
    Cc: Maya Gokhale
    Cc: Mel Gorman
    Cc: Mike Kravetz
    Cc: Mike Rapoport
    Cc: Pavel Emelyanov
    Link: http://lkml.kernel.org/r/20200220195357.16371-1-peterx@redhat.com
    Signed-off-by: Linus Torvalds

 mm/gup.c | 27 +++++++++++++++++++++------
 mm/hugetlb.c | 6 ++++--
 2 files changed, 25 insertions(+), 8 deletions(-)

culprit signature: fbe551806e933106fb489577a35d14343cc029edafe6df059d5ffaf6c3a20e88
parent signature: 1055be148cdcc8aec5b7806cbd945d1beb76eced46fb6cc010966bcd98f949e7
revisions tested: 15, total time: 4h0m22.687891912s (build: 1h27m36.572160043s, test: 2h31m45.766564474s)
first bad commit: 4426e945df588f2878affddf88a51259200f7e29 mm/gup: allow VM_FAULT_RETRY for multiple times
cc: ["akpm@linux-foundation.org" "bgeffon@google.com" "peterx@redhat.com" "torvalds@linux-foundation.org"]
crash: general protection fault in get_futex_key

general protection fault, probably for non-canonical address 0xe4bc9970ee9246a8: 0000 [#1] PREEMPT SMP KASAN
KASAN: maybe wild-memory-access in range [0x25e4eb8774923540-0x25e4eb8774923547]
CPU: 0 PID: 16746 Comm: syz-executor.2 Not tainted 5.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__read_once_size include/linux/compiler.h:199 [inline]
RIP: 0010:get_futex_key+0x29c/0x10e0 kernel/futex.c:575
Code: 0f 85 0b 0c 00 00 49 8b 47 08 48 8d 48 ff a8 01 49 0f 44 cf 48 8d 41 18 48 89 4d 98 48 89 c2 48 89 8d 70 ff ff ff 48 c1 ea 03 <80> 3c 1a 00 0f 85 ea 0b 00 00 48 8b b5 70 ff ff ff 4c 8b 66 18 4d
RSP: 0018:ffffc900017d7848 EFLAGS: 00010203
RAX: 25e4eb8774923544 RBX: dffffc0000000000 RCX: 25e4eb877492352c
RDX: 04bc9d70ee9246a8 RSI: 1ffff920002faee1 RDI: ffff888097310d58
RBP: ffffc900017d7918 R08: ffffed1012e620c1 R09: ffffed1012e620c1
R10: ffffed1012e620c0 R11: ffff888097310607 R12: ffffc900017d7b00
R13: ffff888097310ee8 R14: 000000002000c000 R15: ffff888097310ee0
FS: 00007fc150e66700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055c2c668fef0 CR3: 00000000a8efd000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 futex_lock_pi+0x170/0x650 kernel/futex.c:2823
 do_futex+0xa5f/0x1520 kernel/futex.c:3821
 __do_sys_futex kernel/futex.c:3869 [inline]
 __se_sys_futex kernel/futex.c:3837 [inline]
 __x64_sys_futex+0x1af/0x320 kernel/futex.c:3837
 do_syscall_64+0xc6/0x620 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x45c889
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fc150e65c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: ffffffffffffffda RBX: 00007fc150e666d4 RCX: 000000000045c889
RDX: 0000000000000000 RSI: 0000800000000006 RDI: 000000002000cffc
RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000000e8 R14: 00000000004c3730 R15: 000000000076bf0c
Modules linked in:
---[ end trace 4d37002b318646d6 ]---
RIP: 0010:__read_once_size include/linux/compiler.h:199 [inline]
RIP: 0010:get_futex_key+0x29c/0x10e0 kernel/futex.c:575
Code: 0f 85 0b 0c 00 00 49 8b 47 08 48 8d 48 ff a8 01 49 0f 44 cf 48 8d 41 18 48 89 4d 98 48 89 c2 48 89 8d 70 ff ff ff 48 c1 ea 03 <80> 3c 1a 00 0f 85 ea 0b 00 00 48 8b b5 70 ff ff ff 4c 8b 66 18 4d
RSP: 0018:ffffc900017d7848 EFLAGS: 00010203
RAX: 25e4eb8774923544 RBX: dffffc0000000000 RCX: 25e4eb877492352c
RDX: 04bc9d70ee9246a8 RSI: 1ffff920002faee1 RDI: ffff888097310d58
RBP: ffffc900017d7918 R08: ffffed1012e620c1 R09: ffffed1012e620c1
R10: ffffed1012e620c0 R11: ffff888097310607 R12: ffffc900017d7b00
R13: ffff888097310ee8 R14: 000000002000c000 R15: ffff888097310ee0
FS: 00007fc150e66700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000109c978 CR3: 00000000a8efd000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400