bisecting cause commit starting from cd984a5be21549273a3f13b52a8b7b84097b32a7 building syzkaller on c198d5ddeb35c810b03f6e7042bc64b5f7a8726c testing commit cd984a5be21549273a3f13b52a8b7b84097b32a7 with gcc (GCC) 8.1.0 run #0: crashed: general protection fault in rds_recv_rcvbuf_delta run #1: crashed: general protection fault in rds_recv_rcvbuf_delta run #2: crashed: general protection fault in rds_recv_rcvbuf_delta run #3: crashed: general protection fault in rds_recv_rcvbuf_delta run #4: crashed: general protection fault in rds_recv_rcvbuf_delta run #5: crashed: general protection fault in rds_recv_rcvbuf_delta run #6: crashed: general protection fault in corrupted run #7: crashed: general protection fault in rds_recv_rcvbuf_delta run #8: crashed: general protection fault in rds_recv_rcvbuf_delta run #9: crashed: general protection fault in rds_recv_rcvbuf_delta testing release v4.20 testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0 run #0: crashed: general protection fault in corrupted run #1: crashed: general protection fault in rds_recv_rcvbuf_delta run #2: crashed: general protection fault in rds_recv_rcvbuf_delta run #3: crashed: general protection fault in rds_recv_rcvbuf_delta run #4: crashed: general protection fault in rds_recv_rcvbuf_delta run #5: crashed: general protection fault in rds_recv_rcvbuf_delta run #6: crashed: general protection fault in rds_recv_rcvbuf_delta run #7: crashed: general protection fault in rds_recv_rcvbuf_delta run #8: crashed: general protection fault in rds_recv_rcvbuf_delta run #9: crashed: general protection fault in rds_recv_rcvbuf_delta testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in rds_recv_rcvbuf_delta testing release v4.18 testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in rds_recv_rcvbuf_delta testing release v4.17 testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0 run #0: crashed: KASAN: use-after-free Read in rds_bind run #1: crashed: KASAN: use-after-free Read in rds_bind run #2: crashed: KASAN: use-after-free Read in rds_find_bound run #3: crashed: KASAN: use-after-free Read in rds_bind run #4: crashed: KASAN: use-after-free Read in rds_bind run #5: crashed: KASAN: use-after-free Read in rds_bind run #6: crashed: KASAN: use-after-free Read in rds_bind run #7: crashed: KASAN: use-after-free Read in rds_find_bound run #8: crashed: KASAN: use-after-free Read in rds_find_bound run #9: crashed: KASAN: use-after-free Read in rds_bind testing release v4.16 testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0 run #0: crashed: KASAN: use-after-free Read in rds_find_bound run #1: crashed: KASAN: use-after-free Read in rds_find_bound run #2: crashed: KASAN: use-after-free Read in rds_bind run #3: crashed: KASAN: use-after-free Read in rds_find_bound run #4: crashed: KASAN: use-after-free Read in rds_find_bound run #5: crashed: KASAN: use-after-free Read in refcount_inc_not_zero run #6: crashed: KASAN: use-after-free Read in rds_find_bound run #7: crashed: KASAN: use-after-free Read in rds_find_bound run #8: crashed: KASAN: use-after-free Read in rds_find_bound run #9: crashed: KASAN: use-after-free Read in rds_bind testing release v4.15 testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0 run #0: crashed: KASAN: use-after-free Read in rds_find_bound run #1: crashed: KASAN: use-after-free Read in __rhashtable_lookup run #2: crashed: KASAN: use-after-free Read in __rhashtable_lookup run #3: crashed: KASAN: use-after-free Read in __rhashtable_lookup run #4: crashed: KASAN: use-after-free Read in rds_find_bound run #5: crashed: KASAN: use-after-free Read in __rhashtable_lookup run #6: crashed: KASAN: use-after-free Read in __rhashtable_lookup run #7: crashed: KASAN: use-after-free Read in __rhashtable_lookup run #8: crashed: KASAN: use-after-free Read in __rhashtable_lookup run #9: crashed: KASAN: use-after-free Read in __rhashtable_lookup testing release v4.14 testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0 run #0: crashed: KASAN: use-after-free Read in __rhashtable_lookup run #1: crashed: KASAN: use-after-free Read in rds_find_bound run #2: crashed: KASAN: use-after-free Read in rds_find_bound run #3: crashed: KASAN: use-after-free Read in rds_find_bound run #4: crashed: KASAN: use-after-free Read in __rhashtable_lookup run #5: crashed: KASAN: use-after-free Read in __rhashtable_lookup run #6: crashed: KASAN: use-after-free Read in __rhashtable_lookup run #7: crashed: KASAN: use-after-free Read in rds_find_bound run #8: crashed: KASAN: use-after-free Read in rds_find_bound run #9: crashed: KASAN: use-after-free Read in __rhashtable_lookup testing release v4.13 testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.1.0 run #0: crashed: KASAN: use-after-free Read in rds_find_bound run #1: crashed: KASAN: use-after-free Read in __rhashtable_lookup run #2: crashed: KASAN: use-after-free Read in __rhashtable_lookup run #3: crashed: KASAN: use-after-free Read in __rhashtable_lookup run #4: crashed: KASAN: use-after-free Read in refcount_inc_not_zero run #5: crashed: KASAN: use-after-free Read in rds_find_bound run #6: crashed: KASAN: use-after-free Read in __rhashtable_lookup run #7: crashed: KASAN: use-after-free Read in rds_find_bound run #8: crashed: KASAN: use-after-free Read in rds_find_bound run #9: crashed: KASAN: use-after-free Read in rds_find_bound testing release v4.12 testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.1.0 run #0: crashed: KASAN: use-after-free Read in __rhashtable_lookup run #1: crashed: KASAN: use-after-free Read in rds_find_bound run #2: crashed: KASAN: use-after-free Read in rds_find_bound run #3: crashed: KASAN: use-after-free Read in __rhashtable_lookup run #4: crashed: KASAN: use-after-free Read in __rhashtable_lookup run #5: crashed: KASAN: use-after-free Read in __rhashtable_lookup run #6: crashed: KASAN: use-after-free Read in __rhashtable_lookup run #7: crashed: KASAN: use-after-free Read in __rhashtable_lookup run #8: crashed: KASAN: use-after-free Read in rds_find_bound run #9: crashed: KASAN: use-after-free Read in rds_find_bound testing release v4.11 testing commit a351e9b9fc24e982ec2f0e76379a49826036da12 with gcc (GCC) 7.3.0 run #0: crashed: KASAN: use-after-free Read in __rhashtable_lookup run #1: crashed: KASAN: use-after-free Read in __rhashtable_lookup run #2: crashed: KASAN: use-after-free Read in __rhashtable_lookup run #3: crashed: KASAN: use-after-free Read in __rhashtable_lookup run #4: crashed: KASAN: use-after-free Read in __rhashtable_lookup run #5: crashed: KASAN: use-after-free Read in __rhashtable_lookup run #6: crashed: KASAN: use-after-free Read in __rhashtable_lookup run #7: crashed: KASAN: use-after-free Read in __rhashtable_lookup run #8: crashed: KASAN: use-after-free Read in __rhashtable_lookup run #9: crashed: KASAN: use-after-free Read in rds_recv_incoming testing release v4.10 testing commit c470abd4fde40ea6a0846a2beab642a578c0b8cd with gcc (GCC) 5.5.0 run #0: crashed: KASAN: use-after-free Read in rds_add_bound run #1: crashed: KASAN: use-after-free Read in rds_find_bound run #2: crashed: KASAN: use-after-free Read in rds_add_bound run #3: crashed: KASAN: use-after-free Read in rds_find_bound run #4: crashed: KASAN: use-after-free Read in rds_find_bound run #5: crashed: KASAN: use-after-free Read in rds_add_bound run #6: crashed: KASAN: use-after-free Read in rds_add_bound run #7: crashed: KASAN: use-after-free Read in rds_find_bound run #8: crashed: KASAN: use-after-free Read in rds_add_bound run #9: crashed: KASAN: use-after-free Read in rds_find_bound testing release v4.9 testing commit 69973b830859bc6529a7a0468ba0d80ee5117826 with gcc (GCC) 5.5.0 run #0: crashed: KASAN: use-after-free Read in rds_add_bound run #1: crashed: KASAN: use-after-free Read in rds_add_bound run #2: crashed: KASAN: use-after-free Read in rds_find_bound run #3: crashed: KASAN: use-after-free Read in rds_add_bound run #4: crashed: KASAN: use-after-free Read in rds_add_bound run #5: crashed: KASAN: use-after-free Read in rds_add_bound run #6: crashed: KASAN: use-after-free Read in rds_find_bound run #7: crashed: KASAN: use-after-free Read in rds_find_bound run #8: crashed: KASAN: use-after-free Read in rds_add_bound run #9: crashed: KASAN: use-after-free Read in rds_add_bound testing release v4.8 testing commit c8d2bc9bc39ebea8437fd974fdbc21847bb897a3 with gcc (GCC) 5.5.0 run #0: crashed: KASAN: use-after-free Read in rds_bind run #1: crashed: KASAN: use-after-free Read in rds_bind run #2: crashed: KASAN: use-after-free Read in rds_bind run #3: crashed: KASAN: use-after-free Read in rds_bind run #4: crashed: KASAN: use-after-free Read in rds_bind run #5: crashed: KASAN: use-after-free Read in rds_bind run #6: crashed: KASAN: use-after-free Read in rds_find_bound run #7: crashed: KASAN: use-after-free Read in rds_find_bound run #8: crashed: KASAN: use-after-free Read in rds_bind run #9: crashed: KASAN: use-after-free Read in rds_bind testing release v4.7 testing commit 523d939ef98fd712632d93a5a2b588e477a7565e with gcc (GCC) 5.5.0 run #0: crashed: KASAN: use-after-free Read in rds_bind run #1: crashed: KASAN: use-after-free Read in rds_find_bound run #2: crashed: KASAN: use-after-free Read in rds_find_bound run #3: crashed: KASAN: use-after-free Read in rds_bind run #4: crashed: KASAN: use-after-free Read in rds_bind run #5: crashed: KASAN: use-after-free Read in rds_bind run #6: crashed: KASAN: use-after-free Read in rds_bind run #7: crashed: KASAN: use-after-free Read in rds_bind run #8: crashed: KASAN: use-after-free Read in rds_bind run #9: crashed: KASAN: use-after-free Read in rds_bind testing release v4.6 testing commit 2dcd0af568b0cf583645c8a317dd12e344b1c72a with gcc (GCC) 5.5.0 run #0: crashed: KASAN: use-after-free Read in rds_find_bound run #1: crashed: KASAN: use-after-free Read in rds_bind run #2: crashed: KASAN: use-after-free Read in rds_find_bound run #3: crashed: KASAN: use-after-free Read in rds_find_bound run #4: crashed: KASAN: use-after-free Read in rds_find_bound run #5: crashed: KASAN: use-after-free Read in rds_find_bound run #6: crashed: KASAN: use-after-free Read in rds_bind run #7: crashed: KASAN: use-after-free Read in rds_bind run #8: crashed: KASAN: use-after-free Read in rds_find_bound run #9: crashed: KASAN: use-after-free Read in rds_bind testing release v4.5 testing commit b562e44f507e863c6792946e4e1b1449fbbac85d with gcc (GCC) 5.5.0 all runs: OK # git bisect start v4.6 v4.5 Bisecting: 8131 revisions left to test after this (roughly 13 steps) [6b5f04b6cf8ebab9a65d9c0026c650bb2538fd0f] Merge branch 'for-4.6' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup testing commit 6b5f04b6cf8ebab9a65d9c0026c650bb2538fd0f with gcc (GCC) 5.5.0 all runs: OK # git bisect good 6b5f04b6cf8ebab9a65d9c0026c650bb2538fd0f Bisecting: 3735 revisions left to test after this (roughly 12 steps) [266c73b77706f2d05b4a3e70a5bb702ed35431d6] Merge branch 'drm-next' of git://people.freedesktop.org/~airlied/linux testing commit 266c73b77706f2d05b4a3e70a5bb702ed35431d6 with gcc (GCC) 5.5.0 /usr/local/google/home/dvyukov/syzkaller/ci-bisect2/jobs/linux/kernel/net/openvswitch/conntrack.c:540: undefined reference to `nf_nat_icmp_reply_translation' # git bisect skip 266c73b77706f2d05b4a3e70a5bb702ed35431d6 Bisecting: 3735 revisions left to test after this (roughly 12 steps) [4cd05a74cc604ef1cc6ac37a25629e185bcd2cc5] drm/amd/powerplay: notify amdgpu whether dpm is enabled or not. testing commit 4cd05a74cc604ef1cc6ac37a25629e185bcd2cc5 with gcc (GCC) 5.5.0 mm/kasan/kasan.c:501:3: error: too few arguments to function ‘set_track’ # git bisect skip 4cd05a74cc604ef1cc6ac37a25629e185bcd2cc5 Bisecting: 3735 revisions left to test after this (roughly 12 steps) [51c0e87e9a48d081d7ccb40d7454a0fa2935a424] powerpc/eeh: Cache normal BARs, not windows or IOV BARs testing commit 51c0e87e9a48d081d7ccb40d7454a0fa2935a424 with gcc (GCC) 5.5.0 all runs: basic kernel testing failed: possible deadlock in nf_conntrack_lock # git bisect skip 51c0e87e9a48d081d7ccb40d7454a0fa2935a424 Bisecting: 3735 revisions left to test after this (roughly 12 steps) [2aac7ddf9a410e3418c9cc69618f304550466793] clk: qcom: ipq4019: add some fixed clocks for ddrppl and fepll testing commit 2aac7ddf9a410e3418c9cc69618f304550466793 with gcc (GCC) 5.5.0 mm/kasan/kasan.c:501:3: error: too few arguments to function ‘set_track’ # git bisect skip 2aac7ddf9a410e3418c9cc69618f304550466793 Bisecting: 3735 revisions left to test after this (roughly 12 steps) [fe31419501ba133a967da7b7da0d32945ef21840] IB/rdmavt: Fix copyright date testing commit fe31419501ba133a967da7b7da0d32945ef21840 with gcc (GCC) 5.5.0 run #0: crashed: BUG: unable to handle kernel run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad fe31419501ba133a967da7b7da0d32945ef21840 Bisecting: 49 revisions left to test after this (roughly 6 steps) [0b8a8aae02abfbd724186cffe400fbdbf0cb41d6] IB/rdmavt: Add the start of capability flags testing commit 0b8a8aae02abfbd724186cffe400fbdbf0cb41d6 with gcc (GCC) 5.5.0 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in rds_bind run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 0b8a8aae02abfbd724186cffe400fbdbf0cb41d6 Bisecting: 23 revisions left to test after this (roughly 5 steps) [0194621b225348428c212f330c26d194fc77bd15] IB/rdmavt: Create module framework and handle driver registration testing commit 0194621b225348428c212f330c26d194fc77bd15 with gcc (GCC) 5.5.0 all runs: OK # git bisect good 0194621b225348428c212f330c26d194fc77bd15 Bisecting: 11 revisions left to test after this (roughly 4 steps) [2a055eb7aa2ad168ec7c616a183e385266b6bf76] IB/rdmavt: Add memory region stubs testing commit 2a055eb7aa2ad168ec7c616a183e385266b6bf76 with gcc (GCC) 5.5.0 all runs: OK # git bisect good 2a055eb7aa2ad168ec7c616a183e385266b6bf76 Bisecting: 5 revisions left to test after this (roughly 3 steps) [cf16335a0ccf5adda3d4bad932a7e012891709c5] IB/rdmavt: Add completion queue function stubs testing commit cf16335a0ccf5adda3d4bad932a7e012891709c5 with gcc (GCC) 5.5.0 all runs: OK # git bisect good cf16335a0ccf5adda3d4bad932a7e012891709c5 Bisecting: 2 revisions left to test after this (roughly 2 steps) [ca889e8ad3af9f1dfeb827356bc9839fb20f32be] IB/rdmavt: Add queue pair data structure to rdmavt testing commit ca889e8ad3af9f1dfeb827356bc9839fb20f32be with gcc (GCC) 5.5.0 all runs: OK # git bisect good ca889e8ad3af9f1dfeb827356bc9839fb20f32be Bisecting: 1 revision left to test after this (roughly 1 step) [aec5778775ac03ee6cfd6480adbbf6b05513d77b] IB/rdmavt: Move driver helper functions to a common structure testing commit aec5778775ac03ee6cfd6480adbbf6b05513d77b with gcc (GCC) 5.5.0 all runs: OK # git bisect good aec5778775ac03ee6cfd6480adbbf6b05513d77b Bisecting: 0 revisions left to test after this (roughly 0 steps) [b534875d5ab348fb9193692589e2ee82ae768e3a] IB/rdmavt: Add device specific info prints testing commit b534875d5ab348fb9193692589e2ee82ae768e3a with gcc (GCC) 5.5.0 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in rds_bind run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad b534875d5ab348fb9193692589e2ee82ae768e3a b534875d5ab348fb9193692589e2ee82ae768e3a is the first bad commit commit b534875d5ab348fb9193692589e2ee82ae768e3a Author: Dennis Dalessandro Date: Wed Jan 6 10:02:59 2016 -0800 IB/rdmavt: Add device specific info prints Follow hfi1's example for printing information about the driver and incorporate into rdmavt. This requires two new functions to be provided by the driver, one to get_card_name and one to get_pci_dev. Reviewed-by: Mike Marciniszyn Reviewed-by: Ira Weiny Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/sw/rdmavt/vt.c | 13 ++++++++++--- drivers/infiniband/sw/rdmavt/vt.h | 28 ++++++++++++++++++++++++++++ include/rdma/rdma_vt.h | 3 +++ 3 files changed, 41 insertions(+), 3 deletions(-) revisions tested: 30, total time: 5h8m15.300909289s (build: 1h44m54.080540267s, test: 3h17m16.133565958s) first bad commit: b534875d5ab348fb9193692589e2ee82ae768e3a IB/rdmavt: Add device specific info prints cc: ["dennis.dalessandro@intel.com" "dledford@redhat.com" "ira.weiny@intel.com" "mike.marciniszyn@intel.com"] crash: BUG: unable to handle kernel NULL pointer dereference in rds_bind BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 IP: [] memcmp+0x9/0x40 lib/string.c:771 kobject: 'loop0' (ffff88003d4bd0a0): kobject_uevent_env kobject: 'loop0' (ffff88003d4bd0a0): fill_kobj_path: path = '/devices/virtual/block/loop0' PGD 7788a067 PUD 7daa2067 PMD 0 Oops: 0000 [#1] PREEMPT SMP Modules linked in: CPU: 0 PID: 17899 Comm: syz-executor4 Not tainted 4.5.0-rc6+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014 task: ffff880039f84080 ti: ffff880038d98000 task.ti: ffff880038d98000 RIP: 0010:[] [] memcmp+0x9/0x40 lib/string.c:771 RSP: 0018:ffff880038d9bde0 EFLAGS: 00010202 kobject: 'loop2' (ffff88003d4998a0): kobject_uevent_env kobject: 'loop2' (ffff88003d4998a0): fill_kobj_path: path = '/devices/virtual/block/loop2' RAX: ffffffff844b4cc0 RBX: 0000000000000000 RCX: 000000000000004e RDX: 0000000000000008 RSI: ffff880038d9be40 RDI: 0000000000000008 RBP: ffff880038d9bde0 R08: ffff880039f84890 R09: 0000000000000000 R10: ffffffff83272ac0 R11: 0000000000ad0024 R12: 0000000000000000 R13: 0000000000000000 R14: ffff88003b5dc000 R15: 0000000000004e21 FS: 00007f8c275ed700(0000) GS:ffff88003ec00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000008 CR3: 0000000078104000 CR4: 00000000003406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Stack: ffff880038d9be80 ffffffff8245a4cd ffffffff8245a15e ffff88003af85c00 ffff880038d9be98 ffff8800bb1414ac ffff880039f84080 ffff880039f26280 0000000020004e21 000000002000214e 00000000000003ff bb1414ac00000000 Call Trace: [] rhashtable_compare include/linux/rhashtable.h:514 [inline] [] rhashtable_lookup_fast include/linux/rhashtable.h:548 [inline] [] rds_add_bound net/rds/bind.c:95 [inline] [] rds_bind+0x41d/0xad0 net/rds/bind.c:153 [] SYSC_bind+0xb0/0xe0 net/socket.c:1377 [] SyS_bind+0x9/0x10 net/socket.c:1363 [] entry_SYSCALL_64_fastpath+0x16/0x76 Code: 5d c3 3c 30 74 0b 3c 31 75 f1 31 c0 c6 06 01 5d c3 31 c0 c6 06 00 5d c3 66 2e 0f 1f 84 00 00 00 00 00 55 48 85 d2 48 89 e5 74 33 <0f> b6 07 0f b6 0e 29 c8 75 22 48 83 ea 01 31 c9 eb 15 44 0f b6 RIP [] memcmp+0x9/0x40 lib/string.c:770 RSP CR2: 0000000000000008 ---[ end trace 041f1ed6b60e9e15 ]---