bisecting cause commit starting from 549738f15da0e5a00275977623be199fbbf7df50
building syzkaller on 5ef9c29141f85f210b326ce68718498ae0c1fd35
testing commit 549738f15da0e5a00275977623be199fbbf7df50 with gcc (GCC) 8.1.0
kernel signature: 5f1e4d1af10baef57c2c5b0a7b96621dd9bf42eec7b48c726b44f1b1ccce7196
all runs: crashed: WARNING in sta_info_alloc
testing release v5.8
testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0
kernel signature: bdbf7d95ab7094752f0e86c4438600ee47f206984cc1df7b8e28e8e1b5c1777b
all runs: crashed: WARNING in sta_info_alloc
testing release v5.7
testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0
kernel signature: 88e5d8db559de31345b66e1a9ef6a5dd3e702b9976718b51e6f7a182543011e4
all runs: crashed: WARNING in sta_info_alloc
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0
kernel signature: c540a7dc489bf82d5aa679e3d0a9bc5a87527b6fb16a49c1e8c1fb36b2ae8c76
all runs: crashed: WARNING in sta_info_alloc
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0
kernel signature: 4e63e544beaaa26ee437f3810dc891c0cfc274bf84eb90a02863ee68addeedf6
all runs: crashed: WARNING in sta_info_alloc
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0
kernel signature: 320bce60a9a92d9c7966918183f9334a3d8fd5b6d3fa3631c865f67a08daed43
all runs: crashed: WARNING in sta_info_alloc
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
kernel signature: 9e099200f43a2631e3bbf9ab21ef4be4b8d5f77f1be2942ef0c532fe5e4d2113
all runs: crashed: WARNING in sta_info_alloc
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0
kernel signature: 6b13ca0c5d00d4e06ff148acf7e31b972da5eb0912ca58e648a63c0c2140f070
all runs: crashed: WARNING in sta_info_alloc
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0
kernel signature: 2263d770f8192da75c9912ee1ef12dfaa37c4567f5a49c3b5c59843f602bf3c0
all runs: crashed: WARNING in sta_info_alloc
testing release v5.0
testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0
kernel signature: f1ec642fe79e2c362eccb997565a9eec3bf2e042327b8e39abf93ef2f17406a2
all runs: crashed: WARNING in sta_info_alloc
testing release v4.20
testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0
kernel signature: c8560ecd699c7f0ce82338115cd2ae640390760908d485129d940c3b7e2ae468
all runs: crashed: WARNING in sta_info_alloc
testing release v4.19
testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0
kernel signature: 9c96a91480c7ac963174d32bcd4d5441b88b6387e0fa4b40bfd1e33e9ff04cf8
all runs: crashed: WARNING in sta_info_alloc
testing release v4.18
testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0
kernel signature: acc1f24245d8811f855cf0d653975ddd99dc07d17492144dcc887ecbd6d906d1
all runs: crashed: WARNING in sta_info_alloc
testing release v4.17
testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0
kernel signature: 4f01dfabbcf9ea7020b7708192ac97cdad4eae7f906f08848a2eb730272f8026
all runs: crashed: WARNING in sta_info_alloc
testing release v4.16
testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0
kernel signature: 39139ad35d1c64721cc97d99cc68206fa5b0895d003199709054d2be16fbf26d
all runs: crashed: WARNING in sta_info_alloc
testing release v4.15
testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0
kernel signature: 63a53e5fa77c54faffea4c9c330d988027298273000512e28a20c5a02aef2555
all runs: crashed: WARNING in sta_info_alloc
testing release v4.14
testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0
kernel signature: 14cc2108eb66b2bfc43f7e1f5cd90cee7efa2e005a675860df7a86a77dd0fc84
all runs: crashed: WARNING in sta_info_alloc
testing release v4.13
testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.1.0
kernel signature: ffe4e5c945b375ec708e320e8df1b0dc7ec281975decc3ba42e57823fc91068e
all runs: crashed: WARNING in sta_info_alloc
testing release v4.12
testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.1.0
kernel signature: 8e739735e76f2c8c006885fa33799b2bb3be556ac3fdb875bb0f8f964e21c881
all runs: crashed: BUG: sleeping function called from invalid context in tap_get_minor
testing release v4.11
testing commit a351e9b9fc24e982ec2f0e76379a49826036da12 with gcc (GCC) 7.3.0
kernel signature: 4d5a815f6d8414b711dcb6bea105d4afcb13c9c7f1511d22ce615e97f0076b08
all runs: crashed: BUG: sleeping function called from invalid context in tap_get_minor
testing release v4.10
testing commit c470abd4fde40ea6a0846a2beab642a578c0b8cd with gcc (GCC) 5.5.0
kernel signature: 921c8cdb86d4217e7a9509babd747059d2c6a135a1f01f9ee56b3edc99c1e050
all runs: crashed: WARNING in sta_info_alloc
testing release v4.9
testing commit 69973b830859bc6529a7a0468ba0d80ee5117826 with gcc (GCC) 5.5.0
kernel signature: 74415fa7ef53edca26682d8bf15e71d78a75a8162bd2d0d85719e7b352f59a7e
all runs: crashed: WARNING in sta_info_alloc
testing release v4.8
testing commit c8d2bc9bc39ebea8437fd974fdbc21847bb897a3 with gcc (GCC) 5.5.0
kernel signature: 38292e7c81e26344c668157ac3a02e10fadc4ca1f08867eb5d85a1589373f024
all runs: crashed: WARNING in sta_info_alloc
testing release v4.7
testing commit 523d939ef98fd712632d93a5a2b588e477a7565e with gcc (GCC) 5.5.0
kernel signature: 170cdab0e04b0bea21660708290d98a1551db510dcc6bd930117bf52c859dbe7
all runs: OK
# git bisect start c8d2bc9bc39ebea8437fd974fdbc21847bb897a3 523d939ef98fd712632d93a5a2b588e477a7565e
Bisecting: 7344 revisions left to test after this (roughly 13 steps)
[e61c10e468a42512f5fad74c00b62af5cc19f65f] sh: add device tree source for J2 FPGA on Mimas v2 board
testing commit e61c10e468a42512f5fad74c00b62af5cc19f65f with gcc (GCC) 5.5.0
kernel signature: 854d1ca10f6bc97ddf0ed216e79e190e925b652794c40a5d5babdc8261a02540
all runs: crashed: WARNING in sta_info_alloc
# git bisect bad e61c10e468a42512f5fad74c00b62af5cc19f65f
Bisecting: 3754 revisions left to test after this (roughly 12 steps)
[08fd8c17686c6b09fa410a26d516548dd80ff147] Merge tag 'for-linus-4.8-rc0-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip
testing commit 08fd8c17686c6b09fa410a26d516548dd80ff147 with gcc (GCC) 5.5.0
kernel signature: 9aa93711b2a61318bcc1b13b6704b72fb78186fa56d2ae55e83fe3b578777c4a
all runs: OK
# git bisect good 08fd8c17686c6b09fa410a26d516548dd80ff147
Bisecting: 1877 revisions left to test after this (roughly 11 steps)
[7ae0ae4a022b72f33d23ab6e858163d4b37400a5] Merge tag 'spi-v4.8' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi
testing commit 7ae0ae4a022b72f33d23ab6e858163d4b37400a5 with gcc (GCC) 5.5.0
kernel signature: 55ad23820801a62ede0a819327a3cc0364bc67a14b6fe10f349a4b8b03072371
all runs: crashed: WARNING in sta_info_alloc
# git bisect bad 7ae0ae4a022b72f33d23ab6e858163d4b37400a5
Bisecting: 938 revisions left to test after this (roughly 10 steps)
[6fd980ac39efee9c26b1eb256c3271fcb139bd99] net: samples: pktgen mode samples/tests for qdisc layer
testing commit 6fd980ac39efee9c26b1eb256c3271fcb139bd99 with gcc (GCC) 5.5.0
kernel signature: 6eec34c5e622dc7d240f712dc156a35e10487ee984bdfc0b9c03ffae6eaefddb
all runs: crashed: WARNING in sta_info_alloc
# git bisect bad 6fd980ac39efee9c26b1eb256c3271fcb139bd99
Bisecting: 468 revisions left to test after this (roughly 9 steps)
[697666eac664dbea7c2c1fa7518fd5dfe098776f] net: ethernet: bcmsysport: use phy_ethtool_{get|set}_link_ksettings
testing commit 697666eac664dbea7c2c1fa7518fd5dfe098776f with gcc (GCC) 5.5.0
kernel signature: 8e7f66625b1b81a3ee860f1e1cb559820b1ec51593a7e97d8d7704c40446c4c9
all runs: crashed: WARNING in sta_info_alloc
# git bisect bad 697666eac664dbea7c2c1fa7518fd5dfe098776f
Bisecting: 234 revisions left to test after this (roughly 8 steps)
[6988bd920c6ea53497ed15db947408b7488c9e36] bnxt_en: Add new function bnxt_reset().
testing commit 6988bd920c6ea53497ed15db947408b7488c9e36 with gcc (GCC) 5.5.0
kernel signature: 5fd9ef6cc69af7915c8bf3d1eb71de8e762e789f2798141f1bf27f4a772ec64d
all runs: crashed: WARNING in sta_info_alloc
# git bisect bad 6988bd920c6ea53497ed15db947408b7488c9e36
Bisecting: 116 revisions left to test after this (roughly 7 steps)
[6ad8c632ee48ae099aa13704ef18a641220fe211] qed: Add support for query/config dcbx.
testing commit 6ad8c632ee48ae099aa13704ef18a641220fe211 with gcc (GCC) 5.5.0
kernel signature: 4511627d020da0e9e5a7ba7befd72754223be876c84a8308077d8c69fb67bd50
all runs: OK
# git bisect good 6ad8c632ee48ae099aa13704ef18a641220fe211
Bisecting: 58 revisions left to test after this (roughly 6 steps)
[1578b0a5e92825334760741e5c166b8873886f1b] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
testing commit 1578b0a5e92825334760741e5c166b8873886f1b with gcc (GCC) 5.5.0
kernel signature: 3889464a15194cf6e7f9793b2f12d181306586dd56d953d10fe8fd8d6566cec0
all runs: OK
# git bisect good 1578b0a5e92825334760741e5c166b8873886f1b
Bisecting: 34 revisions left to test after this (roughly 5 steps)
[52a3d792bb54d379c4546cbc40c1365139922e15] Merge branch 'arm64-bpf'
testing commit 52a3d792bb54d379c4546cbc40c1365139922e15 with gcc (GCC) 5.5.0
kernel signature: fa8e18512e76d20b2b0bab951efd531d6464aadd85e6a6b74b37df89d71049d4
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: crashed: KASAN: null-ptr-deref Read
# git bisect bad 52a3d792bb54d379c4546cbc40c1365139922e15
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[fd88d68b3887e4ed1bcfb6a73eeac6f2063da34e] macvtap: use common code for virtio_net_hdr and skb GSO conversion
testing commit fd88d68b3887e4ed1bcfb6a73eeac6f2063da34e with gcc (GCC) 5.5.0
kernel signature: 6f08df0756a8b42ad7441208da7776a134b3a0ea505752a6a532a2ebabf9a355
all runs: OK
# git bisect good fd88d68b3887e4ed1bcfb6a73eeac6f2063da34e
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[699fafafab6d765f12367b3ce0816e64ae19d1e8] tcp: add NV congestion control
testing commit 699fafafab6d765f12367b3ce0816e64ae19d1e8 with gcc (GCC) 5.5.0
kernel signature: c41294ecfd375769c5320208ef743634f21ed62987a87087d3728668757fb692
all runs: OK
# git bisect good 699fafafab6d765f12367b3ce0816e64ae19d1e8
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[ddb55992b04d9749e7c00af7f855e4e13566a521] arm64: bpf: implement bpf_tail_call() helper
testing commit ddb55992b04d9749e7c00af7f855e4e13566a521 with gcc (GCC) 5.5.0
kernel signature: 6445a48b187ceb0c3cfddeda0b6c29e0c256f256c98bc6aeed68e35d39dc0d9c
all runs: OK
# git bisect good ddb55992b04d9749e7c00af7f855e4e13566a521
Bisecting: 0 revisions left to test after this (roughly 1 step)
[643c332d519bdfbf80d21f40d1c0aa0ccf3ec1cb] arm64: bpf: optimize LD_ABS, LD_IND
testing commit 643c332d519bdfbf80d21f40d1c0aa0ccf3ec1cb with gcc (GCC) 5.5.0
kernel signature: fd56e04d95d72e3e2371342b21fbce74abb8222ccc26f012dc27114a699a977c
run #0: crashed: general protection fault in batadv_iv_ogm_queue_add
run #1: crashed: KASAN: null-ptr-deref Read
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 643c332d519bdfbf80d21f40d1c0aa0ccf3ec1cb
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[997ce888324685a90fb5d0fa26293eb8826c767c] arm64: bpf: optimize JMP_CALL
testing commit 997ce888324685a90fb5d0fa26293eb8826c767c with gcc (GCC) 5.5.0
kernel signature: 55f705ae550362bd456ecf52bba3afc999b0b65a7aa0d02bfacd6c1247648ae9
all runs: OK
# git bisect good 997ce888324685a90fb5d0fa26293eb8826c767c
643c332d519bdfbf80d21f40d1c0aa0ccf3ec1cb is the first bad commit
commit 643c332d519bdfbf80d21f40d1c0aa0ccf3ec1cb
Author: Zi Shen Lim
Date:   Wed Jun 8 21:18:50 2016 -0700

    arm64: bpf: optimize LD_ABS, LD_IND

    Remove superfluous stack frame, saving us 3 instructions for every
    LD_ABS or LD_IND.

    Signed-off-by: Zi Shen Lim
    Signed-off-by: David S. Miller

 arch/arm64/net/bpf_jit_comp.c | 3 ---
 1 file changed, 3 deletions(-)

culprit signature: fd56e04d95d72e3e2371342b21fbce74abb8222ccc26f012dc27114a699a977c
parent signature: 55f705ae550362bd456ecf52bba3afc999b0b65a7aa0d02bfacd6c1247648ae9
revisions tested: 38, total time: 6h31m22.27526107s (build: 3h15m48.016666634s, test: 3h10m43.931744518s)
first bad commit: 643c332d519bdfbf80d21f40d1c0aa0ccf3ec1cb arm64: bpf: optimize LD_ABS, LD_IND
recipients (to): ["davem@davemloft.net" "linux-kernel@vger.kernel.org" "zlim.lnx@gmail.com"]
recipients (cc): ["catalin.marinas@arm.com" "linux-arm-kernel@lists.infradead.org" "will.deacon@arm.com"]
crash: KASAN: null-ptr-deref Read
batman_adv: batadv0: Removing interface: batadv_slave_0
==================================================================
batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
BUG: KASAN: null-ptr-deref on address (null)
Read of size 24 by task kworker/u4:5/3573
CPU: 1 PID: 3573 Comm: kworker/u4:5 Not tainted 4.7.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_send_outstanding_bat_ogm_packet
 0000000000000000 ffff8800af1cf9e8 ffffffff82e4a282 0000000000000018
 ffff8800af1cfa78 ffff8800ab3b6380 ffff8800a8e63350 0000000000000024
 ffff8800af1cfa68 ffffffff81745ef5 0000000000000003 ffff8800ab3b6380
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0x136/0x1d4 lib/dump_stack.c:51
 [] kasan_report_error+0x485/0x5b0 mm/kasan/report.c:273
 [] kasan_report+0x34/0x40 mm/kasan/report.c:298
 [] check_memory_region_inline mm/kasan/kasan.c:285 [inline]
 [] check_memory_region+0x13d/0x1a0 mm/kasan/kasan.c:299
 [] memcpy+0x23/0x50 mm/kasan/kasan.c:334
 [] batadv_tvlv_realloc_packet_buff net/batman-adv/main.c:891 [inline]
 [] batadv_tvlv_container_ogm_append+0x158/0x470 net/batman-adv/main.c:926
 [] batadv_iv_ogm_schedule+0x9ea/0xc70 net/batman-adv/bat_iv_ogm.c:947
 [] batadv_schedule_bat_ogm net/batman-adv/send.c:448 [inline]
 [] batadv_send_outstanding_bat_ogm_packet+0x2f1/0x410 net/batman-adv/send.c:636
 [] process_one_work+0x67c/0x14f0 kernel/workqueue.c:2096
 [] worker_thread+0xda/0xf10 kernel/workqueue.c:2230
 [] kthread+0x209/0x2d0 kernel/kthread.c:209
 [] ret_from_fork+0x1f/0x40 arch/x86/entry/entry_64.S:389
==================================================================
BUG: unable to handle kernel NULL pointer dereference at (null)
device bridge_slave_1 left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state
IP: [] memcpy_erms+0x6/0x10 arch/x86/lib/memcpy_64.S:51
PGD 0
Oops: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 3573 Comm: kworker/u4:5 Tainted: G    B           4.7.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_send_outstanding_bat_ogm_packet
task: ffff8800ab3b6380 ti: ffff8800af1c8000 task.ti: ffff8800af1c8000
RIP: 0010:[] [] memcpy_erms+0x6/0x10 arch/x86/lib/memcpy_64.S:51
RSP: 0018:ffff8800af1cfac8  EFLAGS: 00010246
RAX: ffff880128e21800 RBX: 0000000000000018 RCX: 0000000000000018
RDX: 0000000000000018 RSI: 0000000000000000 RDI: ffff880128e21800
RBP: ffff8800af1cfae8 R08: ffffed00251c4303 R09: ffffed00251c4303
R10: 0000000000000003 R11: ffffed00251c4302 R12: ffff880128e21800
R13: 0000000000000000 R14: ffff8800a8e63350 R15: 0000000000000024
FS:  0000000000000000(0000) GS:ffff88012c100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000127cb3000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffffffff817451a5 0000000000000018 ffff8800b7015340 ffff8800a8e63348
 ffff8800af1cfb48 ffffffff85cfab68 ffff8800b7015b20 0000000000000000
 ffff880128e21800 ffff88000000003c ffff8800b7015b30 ffff8800b7015340
Call Trace:
 [] batadv_tvlv_realloc_packet_buff net/batman-adv/main.c:891 [inline]
 [] batadv_tvlv_container_ogm_append+0x158/0x470 net/batman-adv/main.c:926
 [] batadv_iv_ogm_schedule+0x9ea/0xc70 net/batman-adv/bat_iv_ogm.c:947
 [] batadv_schedule_bat_ogm net/batman-adv/send.c:448 [inline]
 [] batadv_send_outstanding_bat_ogm_packet+0x2f1/0x410 net/batman-adv/send.c:636
 [] process_one_work+0x67c/0x14f0 kernel/workqueue.c:2096
 [] worker_thread+0xda/0xf10 kernel/workqueue.c:2230
 [] kthread+0x209/0x2d0 kernel/kthread.c:209
 [] ret_from_fork+0x1f/0x40 arch/x86/entry/entry_64.S:389
Code: ff ff ff 90 90 eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38
RIP  [] memcpy_erms+0x6/0x10 arch/x86/lib/memcpy_64.S:50
 RSP
CR2: 0000000000000000
---[ end trace 921a716467ffd295 ]---
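The verdict above on 643c332d519b rests on 2 of 10 runs crashing, with two different crash titles, while the earlier "bad" steps of the same bisection crashed with WARNING in sta_info_alloc; and the named commit touches only arch/arm64/net/bpf_jit_comp.c while the crash report comes from an x86-64 kernel (arch/x86/entry/entry_64.S, memcpy_erms). The following is an added example, not syzbot's own code, that parses this log format (only the line shapes visible on this page: "testing commit", "all runs:", "run #N:", "# git bisect good/bad", "... is the first bad commit") and reports how much of the culprit's verdict rests on flaky or mixed runs. SAMPLE_LOG is constructed from lines of the log above.

```python
"""Parse a syzbot bisection log of the shape shown on this page and report how
solid the 'bad' verdict on the first bad commit is.  Added example, not syzbot's
own code; SAMPLE_LOG is constructed from lines of the log above."""
import re
from dataclasses import dataclass, field
from typing import Optional

TESTING = re.compile(r"^testing commit ([0-9a-f]{40}) with (.+)$")
ALL_RUNS = re.compile(r"^all runs: (OK|crashed: (.+))$")
ONE_RUN = re.compile(r"^run #\d+: (OK|crashed: (.+))$")
VERDICT = re.compile(r"^# git bisect (good|bad) ([0-9a-f]{40})$")
FIRST_BAD = re.compile(r"^([0-9a-f]{40}) is the first bad commit$")


@dataclass
class CommitResult:
    commit: str
    compiler: str
    runs: list = field(default_factory=list)  # per run: None = OK, else crash title
    all_runs: Optional[str] = None            # "OK" or crash title when runs are collapsed
    verdict: Optional[str] = None             # "good"/"bad" from the "# git bisect" line

    @property
    def crash_titles(self) -> set:
        if self.all_runs not in (None, "OK"):
            return {self.all_runs}
        return {r for r in self.runs if r is not None}

    @property
    def crash_rate(self) -> Optional[float]:
        if self.all_runs is not None:
            return 0.0 if self.all_runs == "OK" else 1.0
        if not self.runs:
            return None
        return sum(r is not None for r in self.runs) / len(self.runs)


def parse_bisect_log(text: str):
    """Return (results in log order, first bad commit or None).
    Signature, release and 'Bisecting:' lines are ignored."""
    results, by_commit, cur, first_bad = [], {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := TESTING.match(line):
            cur = CommitResult(commit=m.group(1), compiler=m.group(2))
            results.append(cur)
            by_commit[cur.commit] = cur
        elif (m := ALL_RUNS.match(line)) and cur:
            cur.all_runs = "OK" if m.group(1) == "OK" else m.group(2)
        elif (m := ONE_RUN.match(line)) and cur:
            cur.runs.append(None if m.group(1) == "OK" else m.group(2))
        elif (m := VERDICT.match(line)) and m.group(2) in by_commit:
            by_commit[m.group(2)].verdict = m.group(1)
        elif m := FIRST_BAD.match(line):
            first_bad = m.group(1)
    return results, first_bad


def assess_culprit(results, first_bad: str) -> dict:
    """Flag a culprit that crashed in only some of its runs, or whose chain of
    'bad' verdicts was built from several different crash titles."""
    culprit = next(r for r in results if r.commit == first_bad)
    titles_on_bad = set()
    for r in results:
        if r.verdict == "bad":
            titles_on_bad |= r.crash_titles
    rate = culprit.crash_rate
    return {
        "commit": first_bad[:12],
        "crash_rate": rate,
        "titles": sorted(culprit.crash_titles),
        "flaky": rate is not None and rate < 1.0,
        "mixed_titles": len(titles_on_bad) > 1,
    }


def ok_runs(first: int, last: int) -> str:
    return "\n".join(f"run #{i}: OK" for i in range(first, last + 1))


# Constructed excerpt: four of the tested commits from the log above.
SAMPLE_LOG = f"""\
testing commit e61c10e468a42512f5fad74c00b62af5cc19f65f with gcc (GCC) 5.5.0
kernel signature: 854d1ca10f6bc97ddf0ed216e79e190e925b652794c40a5d5babdc8261a02540
all runs: crashed: WARNING in sta_info_alloc
# git bisect bad e61c10e468a42512f5fad74c00b62af5cc19f65f
testing commit 52a3d792bb54d379c4546cbc40c1365139922e15 with gcc (GCC) 5.5.0
{ok_runs(0, 8)}
run #9: crashed: KASAN: null-ptr-deref Read
# git bisect bad 52a3d792bb54d379c4546cbc40c1365139922e15
testing commit 643c332d519bdfbf80d21f40d1c0aa0ccf3ec1cb with gcc (GCC) 5.5.0
run #0: crashed: general protection fault in batadv_iv_ogm_queue_add
run #1: crashed: KASAN: null-ptr-deref Read
{ok_runs(2, 9)}
# git bisect bad 643c332d519bdfbf80d21f40d1c0aa0ccf3ec1cb
testing commit 997ce888324685a90fb5d0fa26293eb8826c767c with gcc (GCC) 5.5.0
all runs: OK
# git bisect good 997ce888324685a90fb5d0fa26293eb8826c767c
643c332d519bdfbf80d21f40d1c0aa0ccf3ec1cb is the first bad commit
"""

if __name__ == "__main__":
    print(assess_culprit(*parse_bisect_log(SAMPLE_LOG)))
```

Run on the excerpt it reports a crash rate of 0.2 for the culprit with two distinct titles and flags both "flaky" and "mixed_titles"; a bisection whose final step looks like that is a candidate for a rerun with more iterations per commit, or for manual confirmation against the parent, before the named commit is treated as the cause.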