bisecting fixing commit since 1bab61d3e8cd96f2badf515dcb06e4e1029bc017
building syzkaller on 4afdfa205b55633e7eb9db03a9d099d7aa324801
testing commit 1bab61d3e8cd96f2badf515dcb06e4e1029bc017 with gcc (GCC) 8.1.0
kernel signature: 14f644f3d327baa933eaa3aba453fccd7f5ad95a0455687bac977233f8bcd85f
all runs: crashed: kernel BUG at mm/memory.c:LINE!
testing current HEAD a834132bd465f9d7f4049be65648e01cf2533cb8
testing commit a834132bd465f9d7f4049be65648e01cf2533cb8 with gcc (GCC) 8.1.0
kernel signature: 4d208965573800db8cf824ef392101c1c7dcbbe226482fe7dd4789d12bd54ff6
all runs: crashed: kernel BUG at mm/memory.c:LINE!
revisions tested: 2, total time: 27m7.856866049s (build: 19m20.462917533s, test: 6m18.080523906s)
the crash still happens on HEAD
commit msg: Linux 4.19.140
crash: kernel BUG at mm/memory.c:LINE!
next ffff88808a4dad68 prev ffff88808a4dae70 mm ffff8880a8936a40
prot 25 anon_vma 0000000000000000 vm_ops ffffffff873116a0
pgoff 0 file ffff88808d2412c0 private_data 0000000000000000
flags: 0xfe(write|exec|shared|mayread|maywrite|mayexec|mayshare)
------------[ cut here ]------------
kernel BUG at mm/memory.c:3947!
vma ffff88808a055880 start 0000000020000000 end 0000000020b36000
next ffff88808a4da000 prev ffff88808a4da108 mm ffff8880a89363c0
prot 25 anon_vma 0000000000000000 vm_ops ffffffff873116a0
pgoff 0 file ffff88808bcb8580 private_data 0000000000000000
flags: 0xfe(write|exec|shared|mayread|maywrite|mayexec|mayshare)
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 7911 Comm: syz-executor.2 Not tainted 4.19.140-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:wp_huge_pmd mm/memory.c:3947 [inline]
RIP: 0010:__handle_mm_fault+0x2177/0x41a0 mm/memory.c:4155
Code: 49 8d b6 a0 00 00 00 48 89 da 44 89 9d 10 ff ff ff e8 2d 71 fe ff 44 8b 9d 10 ff ff ff e9 28 ec ff ff 48 89 df e8 70 a7 fd ff <0f> 0b 49 8d 84 24 60 ff ff ff 48 89 c7 e8 87 ed 0b 00 41 89 c3 e9
RSP: 0018:ffff888082207cc8 EFLAGS: 00010296
RAX: 0000000000000137 RBX: ffff88808aee7460 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff876783a0 RDI: ffffffff8a198a60
RBP: ffff888082207de8 R08: ffffed1015d65081 R09: ffffed1015d65080
R10: ffffed1015d65080 R11: ffff8880aeb28407 R12: ffff888082207dc0
R13: 1ffff11010440fa0 R14: ffffffff873116a0 R15: ffff88808aeee340
FS:  000000000285a940(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000200001c0 CR3: 000000008a514000 CR4: 00000000001406e0
------------[ cut here ]------------
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
kernel BUG at mm/memory.c:3947!
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
------------[ cut here ]------------
 handle_mm_fault+0x3dd/0x8ab mm/memory.c:4202
kernel BUG at mm/memory.c:3947!
 __do_page_fault+0x50e/0xb30 arch/x86/mm/fault.c:1412
 do_page_fault+0x64/0x3a7 arch/x86/mm/fault.c:1487
 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1205
RIP: 0033:0x443d51
Code: 8d 15 b3 1b 0d 00 8b 0c 8a 8b 04 82 29 c8 c3 66 2e 0f 1f 84 00 00 00 00 00 48 83 fa 20 48 89 f8 73 77 f6 c2 01 74 0b 0f b6 0e <88> 0f 48 ff c6 48 ff c7 f6 c2 02 74 12 0f b7 0e 66 89 0f 48 83 c6
RSP: 002b:00007ffc795f7578 EFLAGS: 00010202
RAX: 00000000200001c0 RBX: 0000000000000000 RCX: 0000000000000063
RDX: 0000000000000013 RSI: 0000000000790398 RDI: 00000000200001c0
RBP: 0000000000790378 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffc795f7660 R11: 0000000000000246 R12: 0000000000790380
R13: 000000000000bd4a R14: fffffffffffffffe R15: 000000000078c04c
Modules linked in:
invalid opcode: 0000 [#2] PREEMPT SMP KASAN
---[ end trace 525d8d969a0d14f7 ]---
CPU: 0 PID: 7933 Comm: syz-executor.1 Tainted: G      D           4.19.140-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:wp_huge_pmd mm/memory.c:3947 [inline]
RIP: 0010:__handle_mm_fault+0x2177/0x41a0 mm/memory.c:4155
Code: 49 8d b6 a0 00 00 00 48 89 da 44 89 9d 10 ff ff ff e8 2d 71 fe ff 44 8b 9d 10 ff ff ff e9 28 ec ff ff 48 89 df e8 70 a7 fd ff <0f> 0b 49 8d 84 24 60 ff ff ff 48 89 c7 e8 87 ed 0b 00 41 89 c3 e9
RIP: 0010:wp_huge_pmd mm/memory.c:3947 [inline]
RIP: 0010:__handle_mm_fault+0x2177/0x41a0 mm/memory.c:4155
RSP: 0018:ffff8880a9bd7cc8 EFLAGS: 00010296
RAX: 0000000000000137 RBX: ffff8880a974f948 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffffffff876783a0 RDI: ffffffff8a198a60
RBP: ffff8880a9bd7de8 R08: ffffed1015d45081 R09: ffffed1015d45080
R10: ffffed1015d45080 R11: ffff8880aea28407 R12: ffff8880a9bd7dc0
R13: 1ffff1101537afa0 R14: ffffffff873116a0 R15: ffff8880a8936a40
FS:  0000000001f12940(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020e0003f CR3: 00000000a93a0000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
Code: 49 8d b6 a0 00 00 00 48 89 da 44 89 9d 10 ff ff ff e8 2d 71 fe ff 44 8b 9d 10 ff ff ff e9 28 ec ff ff 48 89 df e8 70 a7 fd ff <0f> 0b 49 8d 84 24 60 ff ff ff 48 89 c7 e8 87 ed 0b 00 41 89 c3 e9
 handle_mm_fault+0x3dd/0x8ab mm/memory.c:4202
 __do_page_fault+0x50e/0xb30 arch/x86/mm/fault.c:1412
RSP: 0018:ffff888082207cc8 EFLAGS: 00010296
 do_page_fault+0x64/0x3a7 arch/x86/mm/fault.c:1487
RAX: 0000000000000137 RBX: ffff88808aee7460 RCX: 0000000000000000
 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1205
RIP: 0033:0x443d51
Code: 8d 15 b3 1b 0d 00 8b 0c 8a 8b 04 82 29 c8 c3 66 2e 0f 1f 84 00 00 00 00 00 48 83 fa 20 48 89 f8 73 77 f6 c2 01 74 0b 0f b6 0e <88> 0f 48 ff c6 48 ff c7 f6 c2 02 74 12 0f b7 0e 66 89 0f 48 83 c6
RSP: 002b:00007ffc371952f8 EFLAGS: 00010202
RAX: 00000000200001c0 RBX: 0000000000000000 RCX: 0000000000000063
RDX: 0000000000000013 RSI: 0000000000790398 RDI: 00000000200001c0
RBP: 0000000000790378 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffc371953e0 R11: 0000000000000246 R12: 0000000000790380
R13: 000000000000bd74 R14: fffffffffffffffe R15: 000000000078c04c
Modules linked in:
RDX: 0000000000000000 RSI: ffffffff876783a0 RDI: ffffffff8a198a60
invalid opcode: 0000 [#3] PREEMPT SMP KASAN
RBP: ffff888082207de8 R08: ffffed1015d65081 R09: ffffed1015d65080
CPU: 0 PID: 7935 Comm: syz-executor.0 Tainted: G      D           4.19.140-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:wp_huge_pmd mm/memory.c:3947 [inline]
RIP: 0010:__handle_mm_fault+0x2177/0x41a0 mm/memory.c:4155
Code: 49 8d b6 a0 00 00 00 48 89 da 44 89 9d 10 ff ff ff e8 2d 71 fe ff 44 8b 9d 10 ff ff ff e9 28 ec ff ff 48 89 df e8 70 a7 fd ff <0f> 0b 49 8d 84 24 60 ff ff ff 48 89 c7 e8 87 ed 0b 00 41 89 c3 e9
RSP: 0018:ffff88808af8fcc8 EFLAGS: 00010296
RAX: 0000000000000137 RBX: ffff88808a055880 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffffffff876783a0 RDI: ffffffff8a198a60
RBP: ffff88808af8fde8 R08: ffffed1015d45081 R09: ffffed1015d45080
R10: ffffed1015d65080 R11: ffff8880aeb28407 R12: ffff888082207dc0
R10: ffffed1015d45080 R11: ffff8880aea28407 R12: ffff88808af8fdc0
R13: 1ffff110115f1fa0 R14: ffffffff873116a0 R15: ffff8880a89363c0
FS:  00000000014d9940(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000002100003f CR3: 00000000a972d000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 handle_mm_fault+0x3dd/0x8ab mm/memory.c:4202
 __do_page_fault+0x50e/0xb30 arch/x86/mm/fault.c:1412
R13: 1ffff11010440fa0 R14: ffffffff873116a0 R15: ffff88808aeee340
 do_page_fault+0x64/0x3a7 arch/x86/mm/fault.c:1487
FS:  000000000285a940(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1205
RIP: 0033:0x443d51
Code: 8d 15 b3 1b 0d 00 8b 0c 8a 8b 04 82 29 c8 c3 66 2e 0f 1f 84 00 00 00 00 00 48 83 fa 20 48 89 f8 73 77 f6 c2 01 74 0b 0f b6 0e <88> 0f 48 ff c6 48 ff c7 f6 c2 02 74 12 0f b7 0e 66 89 0f 48 83 c6
RSP: 002b:00007fff1cff84e8 EFLAGS: 00010202
RAX: 00000000200001c0 RBX: 0000000000000000 RCX: 0000000000000063
RDX: 0000000000000013 RSI: 0000000000790398 RDI: 00000000200001c0
RBP: 0000000000790378 R08: 0000000000000000 R09: 0000000000000000
R10: 00007fff1cff85d0 R11: 0000000000000246 R12: 0000000000790380
R13: 000000000000bda2 R14: fffffffffffffffe R15: 000000000078c04c
Modules linked in:
---[ end trace 525d8d969a0d14f8 ]---
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
RIP: 0010:wp_huge_pmd mm/memory.c:3947 [inline]
RIP: 0010:__handle_mm_fault+0x2177/0x41a0 mm/memory.c:4155
CR2: 00000000200001c0 CR3: 000000008a514000 CR4: 00000000001406e0
Code: 49 8d b6 a0 00 00 00 48 89 da 44 89 9d 10 ff ff ff e8 2d 71 fe ff 44 8b 9d 10 ff ff ff e9 28 ec ff ff 48 89 df e8 70 a7 fd ff <0f> 0b 49 8d 84 24 60 ff ff ff 48 89 c7 e8 87 ed 0b 00 41 89 c3 e9
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
RSP: 0018:ffff888082207cc8 EFLAGS: 00010296
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
RAX: 0000000000000137 RBX: ffff88808aee7460 RCX: 0000000000000000