bisecting cause commit starting from 7008ee121089b8193aea918b98850fe87d996508
building syzkaller on d2557fb5ca315036c2b81a5088431773c1a64e75
testing commit 7008ee121089b8193aea918b98850fe87d996508 with gcc (GCC) 8.1.0
kernel signature: 7d73971c3021e192b3a3edb243ea42df71f35440
all runs: crashed: KASAN: slab-out-of-bounds Write in setup_udp_tunnel_sock
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0
kernel signature: 99fb903f39bd9146cbc5095549e6dcc55e3dedd2
all runs: crashed: KASAN: slab-out-of-bounds Write in setup_udp_tunnel_sock
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
kernel signature: 618d95646061b1a7767df37a5e6a930f1eca1271
all runs: crashed: KASAN: slab-out-of-bounds Write in setup_udp_tunnel_sock
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0
kernel signature: a3d51ebb4d1b6e2234c1eaf974dc412a9148e2a8
all runs: crashed: WARNING: suspicious RCU usage in gtp_encap_enable_socket
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0
kernel signature: 0c9985960b6188fa1117822c61fe2dbe6a429e77
all runs: crashed: WARNING: suspicious RCU usage in gtp_encap_enable_socket
testing release v5.0
testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0
kernel signature: 5650eba008e80e7f9982eae15ba31c2e50245e7c
all runs: crashed: WARNING: suspicious RCU usage in gtp_encap_enable_socket
testing release v4.20
testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0
kernel signature: e5e785db98da1083e4b3d724451e28322febcaf3
all runs: crashed: WARNING: suspicious RCU usage in gtp_encap_enable_socket
testing release v4.19
testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0
kernel signature: 30eb5dbb228061dddfa8812ae4b6b95d2d7494f0
all runs: crashed: WARNING: suspicious RCU usage in gtp_encap_enable_socket
testing release v4.18
testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0
kernel signature: f8610b3447f8464240370808d4382d2efd57f64f
all runs: crashed: WARNING: suspicious RCU usage in gtp_encap_enable_socket
testing release v4.17
testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0
kernel signature: 2f56ea8f255432f9529df12cd45dd7ba908ffdc4
all runs: crashed: WARNING: suspicious RCU usage in gtp_encap_enable_socket
testing release v4.16
testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0
kernel signature: 2a0827ca7519e0526c1c7f6d7c6bbd6214aac08d
all runs: crashed: WARNING: suspicious RCU usage in gtp_encap_enable_socket
testing release v4.15
testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0
kernel signature: de84e22223eadab09bdaf378e61a182a869f5974
all runs: crashed: WARNING: suspicious RCU usage in gtp_encap_enable_socket
testing release v4.14
testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0
kernel signature: 6a7fe21933950e566a40f1a304c9eda5de06cab0
all runs: crashed: WARNING: suspicious RCU usage in gtp_encap_enable_socket
testing release v4.13
testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.1.0
kernel signature: 652ff473fac71eab05d9c43175cc043f03f1e4ad
all runs: crashed: WARNING: suspicious RCU usage in gtp_encap_enable_socket
testing release v4.12
testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.1.0
kernel signature: 2ca929424663014e3386d97368342010cb20525a
all runs: crashed: BUG: sleeping function called from invalid context in tap_get_minor
testing release v4.11
testing commit a351e9b9fc24e982ec2f0e76379a49826036da12 with gcc (GCC) 7.3.0
kernel signature: b18c8fe6c75112d1f625e8f12506db2aab74cf07
all runs: crashed: BUG: sleeping function called from invalid context in tap_get_minor
testing release v4.10
testing commit c470abd4fde40ea6a0846a2beab642a578c0b8cd with gcc (GCC) 5.5.0
kernel signature: 84e499c3489f7c2c63d837a36217f2803d549008
all runs: OK
# git bisect start a351e9b9fc24e982ec2f0e76379a49826036da12 c470abd4fde40ea6a0846a2beab642a578c0b8cd
Bisecting: 7088 revisions left to test after this (roughly 13 steps)
[1ec5c1867af085897bb9e0f67bef3713334dbe7f] Merge tag 'gpio-v4.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio
testing commit 1ec5c1867af085897bb9e0f67bef3713334dbe7f with gcc (GCC) 5.5.0
kernel signature: 250043d4d0c49f86b036cac85b4744c664248f4a
all runs: boot failed: WARNING in __hrtimer_init
# git bisect skip 1ec5c1867af085897bb9e0f67bef3713334dbe7f
Bisecting: 7088 revisions left to test after this (roughly 13 steps)
[a9d2d53a788a9c5bc8a7d1b4ea7857b68e221357] ixgbe: test for trust in macvlan adjustments for VF
testing commit a9d2d53a788a9c5bc8a7d1b4ea7857b68e221357 with gcc (GCC) 5.5.0
kernel signature: f049b54063461c4f3312879289093fb6f5a7ab95
all runs: OK
# git bisect good a9d2d53a788a9c5bc8a7d1b4ea7857b68e221357
Bisecting: 6730 revisions left to test after this (roughly 13 steps)
[28cbc335d272f293c4368abd4ac2e17e36805b79] Merge tag 'sound-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
testing commit 28cbc335d272f293c4368abd4ac2e17e36805b79 with gcc (GCC) 5.5.0
kernel signature: f94a84df16b875cad657c687d067906d5ad53b61
all runs: boot failed: WARNING in __hrtimer_init
# git bisect skip 28cbc335d272f293c4368abd4ac2e17e36805b79
Bisecting: 6730 revisions left to test after this (roughly 13 steps)
[09624645e1e85df8d68b04de6e0607d696268333] scsi: aacraid: Save adapter fib log before an IOP reset
testing commit 09624645e1e85df8d68b04de6e0607d696268333 with gcc (GCC) 5.5.0
kernel signature: b1a9c5b82b74026948362c5e9351dc9c142cae34
all runs: boot failed: WARNING in __hrtimer_init
# git bisect skip 09624645e1e85df8d68b04de6e0607d696268333
Bisecting: 6730 revisions left to test after this (roughly 13 steps)
[557c44be917c322860665be3d28376afa84aa936] net: ipv6: RTF_PCPU should not be settable from userspace
testing commit 557c44be917c322860665be3d28376afa84aa936 with gcc (GCC) 5.5.0
kernel signature: 1313fa84f127bea0f474725af4e0887800cf5896
all runs: boot failed: divide error in irq_create_affinity_masks
# git bisect skip 557c44be917c322860665be3d28376afa84aa936
Bisecting: 6730 revisions left to test after this (roughly 13 steps)
[6228b8f2d15bc9a9b76d6b209a8b760a642fa996] userfaultfd: non-cooperative: selftest: introduce userfaultfd_open
testing commit 6228b8f2d15bc9a9b76d6b209a8b760a642fa996 with gcc (GCC) 5.5.0
kernel signature: 7477a1bdf79ade074bfd42224c75b492efac124f
all runs: boot failed: WARNING in __hrtimer_init
# git bisect skip 6228b8f2d15bc9a9b76d6b209a8b760a642fa996
Bisecting: 6730 revisions left to test after this (roughly 13 steps)
[1ad38fd719da87980480886f21130053c73007ac] ath10k: fix typo in addr calculation
testing commit 1ad38fd719da87980480886f21130053c73007ac with gcc (GCC) 5.5.0
kernel signature: 2a631a1e1b372ef9c25631e14979b8c76c2c3b88
all runs: OK
# git bisect good 1ad38fd719da87980480886f21130053c73007ac
Bisecting: 6730 revisions left to test after this (roughly 13 steps)
[b2d5bfea2d00a0000da18f7667c2b0e2c2f168d9] sched/headers, timers: Remove the <linux/sysctl.h> include from <linux/timer.h>
testing commit b2d5bfea2d00a0000da18f7667c2b0e2c2f168d9 with gcc (GCC) 5.5.0
kernel signature: f13d3e9508b245cafd4e048a20c88ea1e0eec30e
all runs: crashed: BUG: sleeping function called from invalid context in tap_get_minor
# git bisect bad b2d5bfea2d00a0000da18f7667c2b0e2c2f168d9
Bisecting: 5334 revisions left to test after this (roughly 12 steps)
[caa59428971d5ad81d19512365c9ba580d83268c] Merge tag 'staging-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
testing commit caa59428971d5ad81d19512365c9ba580d83268c with gcc (GCC) 5.5.0
kernel signature: 23128362971b42ae664f217d28e0a5eef4dbf993
all runs: boot failed: WARNING in __hrtimer_init
# git bisect skip caa59428971d5ad81d19512365c9ba580d83268c
Bisecting: 5334 revisions left to test after this (roughly 12 steps)
[6d1dd93ea0d0f0fb61b5450a2668896028ce3f75] Merge tag 'pstore-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
testing commit 6d1dd93ea0d0f0fb61b5450a2668896028ce3f75 with gcc (GCC) 5.5.0
kernel signature: b2315718e21f6218048b459c76cfe8e875d571a8
all runs: boot failed: WARNING in __hrtimer_init
# git bisect skip 6d1dd93ea0d0f0fb61b5450a2668896028ce3f75
Bisecting: 5334 revisions left to test after this (roughly 12 steps)
[5c4412e0728063583ec971323f8256e8005a32b6] rt2x00: rt2800lib: add support for RT3352 with 20MHz crystal
testing commit 5c4412e0728063583ec971323f8256e8005a32b6 with gcc (GCC) 5.5.0
kernel signature: 0f532bf321733584f2b11b2689283db680b436bf
all runs: OK
# git bisect good 5c4412e0728063583ec971323f8256e8005a32b6
Bisecting: 5334 revisions left to test after this (roughly 12 steps)
[0dd12d54c4252e5a51f3b9f7b622b3b7a5b95293] net: dsa: mv88e6xxx: Add mdio private structure
testing commit 0dd12d54c4252e5a51f3b9f7b622b3b7a5b95293 with gcc (GCC) 5.5.0
kernel signature: 3459b754edd78bbd386e7bc25de697651696011d
all runs: OK
# git bisect good 0dd12d54c4252e5a51f3b9f7b622b3b7a5b95293
Bisecting: 5199 revisions left to test after this (roughly 12 steps)
[8dcde9def5a15df54fa4ca41f7750d80fa741d61] kernel/watchdog.c: do not hardcode CPU 0 as the initial thread
testing commit 8dcde9def5a15df54fa4ca41f7750d80fa741d61 with gcc (GCC) 5.5.0
kernel signature: 8dd65ae1c9388ba38de51ad9194aa23d2d1a9b1a
all runs: boot failed: WARNING in __hrtimer_init
# git bisect skip 8dcde9def5a15df54fa4ca41f7750d80fa741d61
Bisecting: 5199 revisions left to test after this (roughly 12 steps)
[40465257ac4159e9ebfba10ee502e795b917da76] f2fs: wait for discard completion after submission
testing commit 40465257ac4159e9ebfba10ee502e795b917da76 with gcc (GCC) 5.5.0
kernel signature: d7a6ff5f48b1f5f2be82a69f242f58a77a30b9df
all runs: OK
# git bisect good 40465257ac4159e9ebfba10ee502e795b917da76
Bisecting: 5153 revisions left to test after this (roughly 12 steps)
[37c85961c3f87f2141c84e53df31e59db072fd2e] Merge tag 'tty-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty
testing commit 37c85961c3f87f2141c84e53df31e59db072fd2e with gcc (GCC) 5.5.0
kernel signature: ac92879404c0fecccedb1f97a8c4cf93cec807e7
all runs: boot failed: WARNING in __hrtimer_init
# git bisect skip 37c85961c3f87f2141c84e53df31e59db072fd2e
Bisecting: 5153 revisions left to test after this (roughly 12 steps)
[f2bf14d14dbc50dc56be3ebd18652ea2738ef6f8] mm/page_alloc.c: remove duplicate inclusion of page_ext.h
testing commit f2bf14d14dbc50dc56be3ebd18652ea2738ef6f8 with gcc (GCC) 5.5.0
kernel signature: 392584de62cdc2a9caf8e050392d62b51b3c00bd
all runs: boot failed: WARNING in __hrtimer_init
# git bisect skip f2bf14d14dbc50dc56be3ebd18652ea2738ef6f8
Bisecting: 5153 revisions left to test after this (roughly 12 steps)
[a29af939b24dc98c11e1e8a77be7669c4e4f5719] crypto: atmel-sha - update request queue management to make it more generic
testing commit a29af939b24dc98c11e1e8a77be7669c4e4f5719 with gcc (GCC) 5.5.0
kernel signature: 0ff5eddd3da991305006da3822899d918afc9a4b
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: crashed: WARNING in nf_unregister_net_hook
# git bisect bad a29af939b24dc98c11e1e8a77be7669c4e4f5719
Bisecting: 34 revisions left to test after this (roughly 5 steps)
[b8fbe71f7535d4dfeed0bb8d924107dc58d502e2] crypto: x86/chacha20 - Manually align stack buffer
testing commit b8fbe71f7535d4dfeed0bb8d924107dc58d502e2 with gcc (GCC) 5.5.0
kernel signature: 4acb9fb1c6155c69b5df1b2c9ce5bf28574ff0ba
all runs: OK
# git bisect good b8fbe71f7535d4dfeed0bb8d924107dc58d502e2
Bisecting: 16 revisions left to test after this (roughly 4 steps)
[3bfb2e6b32443841ff90460a78bdefb19f8d61e8] crypto: img-hash - use dma_data_direction when calling dma_map_sg
testing commit 3bfb2e6b32443841ff90460a78bdefb19f8d61e8 with gcc (GCC) 5.5.0
kernel signature: d820ba6c20bd615f99f21460276552dde0b7b8fe
all runs: OK
# git bisect good 3bfb2e6b32443841ff90460a78bdefb19f8d61e8
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[0abc271494d1209e097f2837e324ecd9c05716e5] crypto: mediatek - regroup functions by usage
testing commit 0abc271494d1209e097f2837e324ecd9c05716e5 with gcc (GCC) 5.5.0
kernel signature: f580997c2e5a5674be3785aad6cbd4e7e1ee73e5
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: crashed: WARNING in nf_unregister_net_hook
run #9: OK
# git bisect bad 0abc271494d1209e097f2837e324ecd9c05716e5
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[a873996238e4019c54c49b56fcc1fef35a93da41] crypto: mediatek - move HW control data to transformation context
testing commit a873996238e4019c54c49b56fcc1fef35a93da41 with gcc (GCC) 5.5.0
kernel signature: 33ce6d22710d8c8e389b06adc9818c0ae05c6874
all runs: OK
# git bisect good a873996238e4019c54c49b56fcc1fef35a93da41
Bisecting: 1 revision left to test after this (roughly 1 step)
[382ae57d5e52a62e77d62e60e5be9a6526d40da0] crypto: mediatek - make crypto request queue management more generic
testing commit 382ae57d5e52a62e77d62e60e5be9a6526d40da0 with gcc (GCC) 5.5.0
kernel signature: 4a69595a7985738a84a0806eb56ba64a68dfda75
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: crashed: general protection fault in batadv_iv_ogm_queue_add
# git bisect bad 382ae57d5e52a62e77d62e60e5be9a6526d40da0
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[4432861fb9747fce52f94bc13da0d9b41292ef69] crypto: mediatek - fix incorrect data transfer result
testing commit 4432861fb9747fce52f94bc13da0d9b41292ef69 with gcc (GCC) 5.5.0
kernel signature: ab03a901ab994b53bd7761518aee1dab2206d1d5
all runs: OK
# git bisect good 4432861fb9747fce52f94bc13da0d9b41292ef69
382ae57d5e52a62e77d62e60e5be9a6526d40da0 is the first bad commit
commit 382ae57d5e52a62e77d62e60e5be9a6526d40da0
Author: Ryder Lee <ryder.lee@mediatek.com>
Date:   Fri Jan 20 13:41:10 2017 +0800

    crypto: mediatek - make crypto request queue management more generic
    
    This patch changes mtk_aes_handle_queue() to make it more generic.
    The function argument is now a pointer to struct crypto_async_request,
    which is the common base of struct ablkcipher_request and
    struct aead_request.
    
    Also this patch introduces struct mtk_aes_base_ctx which will be the
    common base of all the transformation contexts.
    
    Hence the very same queue will be used to manage both block cipher and
    AEAD requests (such as gcm and authenc implemented in further patches).
    
    Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

 drivers/crypto/mediatek/mtk-aes.c      | 75 ++++++++++++++++++++--------------
 drivers/crypto/mediatek/mtk-platform.h | 14 ++++---
 2 files changed, 53 insertions(+), 36 deletions(-)
culprit signature: 4a69595a7985738a84a0806eb56ba64a68dfda75
parent  signature: ab03a901ab994b53bd7761518aee1dab2206d1d5
revisions tested: 40, total time: 8h35m28.958014779s (build: 3h14m30.55271431s, test: 5h15m40.265541647s)
first bad commit: 382ae57d5e52a62e77d62e60e5be9a6526d40da0 crypto: mediatek - make crypto request queue management more generic
cc: ["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-arm-kernel@lists.infradead.org" "linux-crypto@vger.kernel.org" "linux-kernel@vger.kernel.org" "linux-mediatek@lists.infradead.org" "matthias.bgg@gmail.com" "ryder.lee@mediatek.com"]
crash: general protection fault in batadv_iv_ogm_queue_add
batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 65 Comm: kworker/u4:2 Not tainted 4.10.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
task: ffff88012ac0e0c0 task.stack: ffff88012ac10000
RIP: 0010:batadv_iv_ogm_queue_add+0x2f/0xdb0 net/batman-adv/bat_iv_ogm.c:773
RSP: 0018:ffff88012ac17b78 EFLAGS: 00010286
RAX: dffffc0000000000 RBX: ffff88010d579580 RCX: ffff88010d579580
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: ffff88012ac17c10 R08: ffff88010d579580 R09: 0000000000000001
R10: ffff88012ac0e918 R11: ffff88012ac0e0c0 R12: 000000000000003c
R13: 0000000000000000 R14: ffff88010d579580 R15: ffff8801182264c0
FS:  0000000000000000(0000) GS:ffff88012c100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc25cbc3000 CR3: 0000000123237000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 batadv_iv_ogm_schedule+0x95a/0xcc0 net/batman-adv/bat_iv_ogm.c:977
 batadv_iv_send_outstanding_bat_ogm_packet+0x4e0/0x770 net/batman-adv/bat_iv_ogm.c:1803
 process_one_work+0x72f/0x16a0 kernel/workqueue.c:2098
 worker_thread+0xe1/0x1110 kernel/workqueue.c:2232
 kthread+0x2c9/0x3d0 kernel/kthread.c:227
 ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:427
Code: 00 00 00 fc ff df 55 48 89 e5 41 57 49 89 ff 48 8d 7e 03 41 56 41 55 49 89 f5 41 54 41 89 d4 48 89 fa 48 c1 ea 03 53 48 83 ec 70 <0f> b6 04 02 48 89 fa 48 89 4d b0 83 e2 07 4c 89 45 c0 44 89 4d 
RIP: batadv_iv_ogm_queue_add+0x2f/0xdb0 net/batman-adv/bat_iv_ogm.c:773 RSP: ffff88012ac17b78
---[ end trace 847f38648a1be9cd ]---