bisecting cause commit starting from e40115c06b1d3a6059ba379041e4661dbb6b02b8 building syzkaller on 0d10349cf0b4a9f98490378709bd9a83bd0042d6 testing commit e40115c06b1d3a6059ba379041e4661dbb6b02b8 with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in kstrtouint testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 all runs: OK # git bisect start e40115c06b1d3a6059ba379041e4661dbb6b02b8 v5.2 Bisecting: 7202 revisions left to test after this (roughly 13 steps) [e9a1379f9219be439f47a0f063431a92dc529eda] x86/vdso: Fix flip/flop vdso build bug testing commit e9a1379f9219be439f47a0f063431a92dc529eda with gcc (GCC) 8.1.0 run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor737505100" "root@10.128.10.62:./syz-executor737505100"]: exit status 1 ssh: connect to host 10.128.10.62 port 22: Connection timed out lost connection run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good e9a1379f9219be439f47a0f063431a92dc529eda Bisecting: 3625 revisions left to test after this (roughly 12 steps) [5fe7b600a116187e10317d83fb56922c4ef6b76d] Merge tag 'for-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply testing commit 5fe7b600a116187e10317d83fb56922c4ef6b76d with gcc (GCC) 8.1.0 all runs: OK # git bisect good 5fe7b600a116187e10317d83fb56922c4ef6b76d Bisecting: 1807 revisions left to test after this (roughly 11 steps) [1ae00ebda0d9f4ee6de68a1f0235c1385f553734] Merge remote-tracking branch 'xtensa/xtensa-for-next' testing commit 1ae00ebda0d9f4ee6de68a1f0235c1385f553734 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 1ae00ebda0d9f4ee6de68a1f0235c1385f553734 Bisecting: 759 revisions left to test after this (roughly 10 steps) [72db6c2fddbbf971df905847e59c00b0ec1a16eb] Merge remote-tracking branch 'drm-intel/for-linux-next' testing commit 72db6c2fddbbf971df905847e59c00b0ec1a16eb with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in kstrtouint # git bisect bad 72db6c2fddbbf971df905847e59c00b0ec1a16eb Bisecting: 445 revisions left to test after this (roughly 9 steps) [2938a33b291868bd4166654535e5296dc37859c4] Merge remote-tracking branch 'hid/for-next' testing commit 2938a33b291868bd4166654535e5296dc37859c4 with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in kstrtouint # git bisect bad 2938a33b291868bd4166654535e5296dc37859c4 Bisecting: 298 revisions left to test after this (roughly 8 steps) [eb68f14184daba3858963846e7e17d6f43db6d70] Merge remote-tracking branch 'iomap/iomap-for-next' testing commit eb68f14184daba3858963846e7e17d6f43db6d70 with gcc (GCC) 8.1.0 all runs: OK # git bisect good eb68f14184daba3858963846e7e17d6f43db6d70 Bisecting: 149 revisions left to test after this (roughly 7 steps) [e72e014cd305f4f4668a230824cbfe77491a1536] Merge branch 'for-5.2/fixes' into for-next testing commit e72e014cd305f4f4668a230824cbfe77491a1536 with gcc (GCC) 8.1.0 all runs: OK # git bisect good e72e014cd305f4f4668a230824cbfe77491a1536 Bisecting: 74 revisions left to test after this (roughly 6 steps) [334d581528b9a34095b1cf94006ee499540739a7] vfs: Convert ubifs to use the new mount API testing commit 334d581528b9a34095b1cf94006ee499540739a7 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 334d581528b9a34095b1cf94006ee499540739a7 Bisecting: 40 revisions left to test after this (roughly 5 steps) [23622e4463a578a7a67b59c21364984470c21443] Merge branch 'work.mount' into for-next testing commit 23622e4463a578a7a67b59c21364984470c21443 with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in kstrtouint # git bisect bad 23622e4463a578a7a67b59c21364984470c21443 Bisecting: 16 revisions left to test after this (roughly 4 steps) [69f5e7924076c8efe2fed33dc59a51579373d52f] vfs: Convert hypfs to use the new mount API testing commit 69f5e7924076c8efe2fed33dc59a51579373d52f with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in kstrtouint # git bisect bad 69f5e7924076c8efe2fed33dc59a51579373d52f Bisecting: 8 revisions left to test after this (roughly 3 steps) [9f0c892c7dbe16dbb8d2e7e53a8230bedb68608e] vfs: Convert jffs2 to use the new mount API testing commit 9f0c892c7dbe16dbb8d2e7e53a8230bedb68608e with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in kstrtouint # git bisect bad 9f0c892c7dbe16dbb8d2e7e53a8230bedb68608e Bisecting: 3 revisions left to test after this (roughly 2 steps) [71cbb7570a9a0b830125163c20125a8b5e65ac45] vfs: Move the subtype parameter into fuse testing commit 71cbb7570a9a0b830125163c20125a8b5e65ac45 with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in kstrtouint # git bisect bad 71cbb7570a9a0b830125163c20125a8b5e65ac45 Bisecting: 1 revision left to test after this (roughly 1 step) [461a27aaa26e17d9d5339ef76b806be923561cef] vfs: Create fs_context-aware mount_bdev() replacement testing commit 461a27aaa26e17d9d5339ef76b806be923561cef with gcc (GCC) 8.1.0 all runs: OK # git bisect good 461a27aaa26e17d9d5339ef76b806be923561cef Bisecting: 0 revisions left to test after this (roughly 0 steps) [408cbe6953503065c622a62d704d279981eeb932] vfs: Convert fuse to use the new mount API testing commit 408cbe6953503065c622a62d704d279981eeb932 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 408cbe6953503065c622a62d704d279981eeb932 71cbb7570a9a0b830125163c20125a8b5e65ac45 is the first bad commit commit 71cbb7570a9a0b830125163c20125a8b5e65ac45 Author: David Howells Date: Mon Mar 25 16:38:31 2019 +0000 vfs: Move the subtype parameter into fuse Move as much as possible of the mount subtype apparatus into the fuse driver. The bits that are left involve determining whether it's permitted to split the filesystem type string passed in to mount(2). Consequently, this means that we cannot get rid of the FS_HAS_SUBTYPE flag unless we define that a type string with a dot in in always indicates a subtype specification. Signed-off-by: David Howells Signed-off-by: Al Viro :040000 040000 68804f1a8c72fa0b0534af23759d7c7fe9a58db4 a9e9815d19b87f6f770ea910b4bd4ec3747084ac M fs :040000 040000 b3137adabdd4bf3aadcc1df5c2e6fa05d7dfd551 9cfae02d6fd5c5614c624a9b69dfaf5f34193874 M include revisions tested: 16, total time: 3h39m36.295032914s (build: 1h31m45.524933191s, test: 2h2m23.256254786s) first bad commit: 71cbb7570a9a0b830125163c20125a8b5e65ac45 vfs: Move the subtype parameter into fuse cc: ["dhowells@redhat.com" "gregkh@linuxfoundation.org" "kstewart@linuxfoundation.org" "linux-fsdevel@vger.kernel.org" "linux-kernel@vger.kernel.org" "miklos@szeredi.hu" "tglx@linutronix.de" "viro@zeniv.linux.org.uk"] crash: general protection fault in kstrtouint kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 7349 Comm: syz-executor.2 Not tainted 5.2.0-rc1+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:kstrtoull /lib/kstrtox.c:123 [inline] RIP: 0010:kstrtouint+0x6a/0x130 /lib/kstrtox.c:222 Code: c7 45 90 f0 8e ff 82 c7 02 f1 f1 f1 f1 c7 42 04 00 f2 f2 f2 48 89 fa 65 48 8b 0c 25 28 00 00 00 48 89 4d d8 31 c9 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 80 00 00 00 RSP: 0018:ffff888084527a00 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffff888084527a88 R08: ffff888084527cb8 R09: ffffffff872fd120 R10: 0000000000000020 R11: ffff8880aeb35efb R12: 1ffff110108a4f41 R13: ffff888084527b38 R14: ffff888084527a68 R15: ffff888084527b30 FS: 00007fde4595e700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffdcf629fe8 CR3: 00000000867e3000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: fs_parse+0xb54/0xf00 /fs/fs_parser.c:213 fuse_parse_param+0xa1/0x690 /fs/fuse/inode.c:491 vfs_parse_fs_param+0x245/0x490 /fs/fs_context.c:149 vfs_parse_fs_string+0xb8/0x110 /fs/fs_context.c:192 generic_parse_monolithic+0x11a/0x190 /fs/fs_context.c:232 parse_monolithic_mount_data+0x5c/0x90 /fs/fs_context.c:712 do_new_mount /fs/namespace.c:2789 [inline] do_mount+0x10af/0x1b60 /fs/namespace.c:3113 ksys_mount+0xba/0xe0 /fs/namespace.c:3322 __do_sys_mount /fs/namespace.c:3336 [inline] __se_sys_mount /fs/namespace.c:3333 [inline] __x64_sys_mount+0xb9/0x150 /fs/namespace.c:3333 do_syscall_64+0xd0/0x530 /arch/x86/entry/common.c:301 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x459819 Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fde4595dc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459819 RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 RBP: 000000000075bf20 R08: 00000000200002c0 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fde4595e6d4 R13: 00000000004c5cc9 R14: 00000000004da570 R15: 00000000ffffffff Modules linked in: ---[ end trace 4890a3b284eb3861 ]--- RIP: 0010:kstrtoull /lib/kstrtox.c:123 [inline] RIP: 0010:kstrtouint+0x6a/0x130 /lib/kstrtox.c:222 Code: c7 45 90 f0 8e ff 82 c7 02 f1 f1 f1 f1 c7 42 04 00 f2 f2 f2 48 89 fa 65 48 8b 0c 25 28 00 00 00 48 89 4d d8 31 c9 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 80 00 00 00 RSP: 0018:ffff888084527a00 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffff888084527a88 R08: ffff888084527cb8 R09: ffffffff872fd120 R10: 0000000000000020 R11: ffff8880aeb35efb R12: 1ffff110108a4f41 R13: ffff888084527b38 R14: ffff888084527a68 R15: ffff888084527b30