bisecting cause commit starting from 63623fd44972d1ed2bfb6e0fb631dfcf547fd1e7 building syzkaller on c88c7b75a4e022b758f4b0f1bf3db8ebb2fb25e6 testing commit 63623fd44972d1ed2bfb6e0fb631dfcf547fd1e7 with gcc (GCC) 8.1.0 kernel signature: f05e1d7b431642c87852d4e01f20354b4dc79ace038c48d93a808b6f363dc713 all runs: crashed: WARNING in idr_destroy testing release v5.5 testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0 kernel signature: 6461007207b36673f295087d80ef29f16f06c784d9568f32091d59ec341078a7 all runs: crashed: WARNING in idr_destroy testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0 kernel signature: 83d37764eaac8a89803e7f524bb37885adee14a93e3b89a81e64aac0db3c9c5a all runs: crashed: WARNING in idr_destroy testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 kernel signature: 174e1ab327e58426c27ab61f0647f3482f4c677b72b2e8f230be943f1b3187a8 all runs: crashed: WARNING in idr_destroy testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 kernel signature: d04674547e5b0a9ccbe3efcc3f2028373f00b22d1e9b5302dcf7b76967383e47 all runs: OK # git bisect start 4d856f72c10ecb060868ed10ff1b1453943fc6c8 0ecfebd2b52404ae0c54a878c872bb93363ada36 Bisecting: 7848 revisions left to test after this (roughly 13 steps) [43c95d3694cc448fdf50bd53b7ff3a5bb4655883] Merge tag 'pinctrl-v5.3-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl testing commit 43c95d3694cc448fdf50bd53b7ff3a5bb4655883 with gcc (GCC) 8.1.0 kernel signature: c969a33a6a2bc7a46128f1e6584d4cdd0993cb215308bee96e10820155c867d3 all runs: OK # git bisect good 43c95d3694cc448fdf50bd53b7ff3a5bb4655883 Bisecting: 3922 revisions left to test after this (roughly 12 steps) [0e2a5b5bd9a6aaec85df347dd71432a1d2d10763] Merge branch 'parisc-5.3-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux testing commit 0e2a5b5bd9a6aaec85df347dd71432a1d2d10763 with gcc (GCC) 8.1.0 kernel signature: cd19be917ac707414cd5312aea894cc7158a5a6a088b102e72cddcc19a130fd7 all runs: crashed: WARNING in idr_destroy # git bisect bad 0e2a5b5bd9a6aaec85df347dd71432a1d2d10763 Bisecting: 2076 revisions left to test after this (roughly 11 steps) [3729fe2bc2a01f4cc1aa88be8f64af06084c87d6] Revert "Merge branch 'vmwgfx-next' of git://people.freedesktop.org/~thomash/linux into drm-next" testing commit 3729fe2bc2a01f4cc1aa88be8f64af06084c87d6 with gcc (GCC) 8.1.0 kernel signature: e13898b12b550058533dfe246282f631a56d0d79a80aa4945f14018add225657 all runs: crashed: WARNING in idr_destroy # git bisect bad 3729fe2bc2a01f4cc1aa88be8f64af06084c87d6 Bisecting: 924 revisions left to test after this (roughly 10 steps) [4009b9b589aa11d812d40b92b1f825e45efb853f] drm/amd/powerplay: move bootup value before read pptable from vbios testing commit 4009b9b589aa11d812d40b92b1f825e45efb853f with gcc (GCC) 8.1.0 kernel signature: ed2e60675e912815fdf99c7d491c9c9b3dcc550dbd01a0553d01352a71a89aa3 all runs: crashed: WARNING in idr_destroy # git bisect bad 4009b9b589aa11d812d40b92b1f825e45efb853f Bisecting: 481 revisions left to test after this (roughly 9 steps) [f5b07b04e5f090a85d1e96938520f2b2b58e4a8e] dma-buf: Discard old fence_excl on retrying get_fences_rcu for realloc testing commit f5b07b04e5f090a85d1e96938520f2b2b58e4a8e with gcc (GCC) 8.1.0 kernel signature: 27ba947a397d65754b172abdfd3971f96ca4ac90177d5a73b3204bb17629c426 all runs: crashed: WARNING in idr_destroy # git bisect bad f5b07b04e5f090a85d1e96938520f2b2b58e4a8e Bisecting: 226 revisions left to test after this (roughly 8 steps) [c0a74c732568ad347f7b3de281922808dab30504] drm/i915: Update DRIVER_DATE to 20190524 testing commit c0a74c732568ad347f7b3de281922808dab30504 with gcc (GCC) 8.1.0 kernel signature: 743d37e34e0a7e230ac143c3c178ea5be94db9a6f70571467583407a67e50c8f all runs: OK # git bisect good c0a74c732568ad347f7b3de281922808dab30504 Bisecting: 113 revisions left to test after this (roughly 7 steps) [92f080762c3f45bbcfbe35e2ac610af1ee3bb2b9] drm: Replace instances of drm_format_info by drm_get_format_info testing commit 92f080762c3f45bbcfbe35e2ac610af1ee3bb2b9 with gcc (GCC) 8.1.0 kernel signature: e823bac309c2c2733f1600bcaffaf38b06f01b602b8ffbeafca0ef15a9efcfd9 run #0: OK run #1: OK run #2: OK run #3: OK run #4: crashed: general protection fault in batadv_iv_ogm_queue_add run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 92f080762c3f45bbcfbe35e2ac610af1ee3bb2b9 Bisecting: 56 revisions left to test after this (roughly 6 steps) [9e759fc7dcd6d416f64567ae8b3b07184c60dedb] drm/stm: ltdc: manage the get_irq probe defer case testing commit 9e759fc7dcd6d416f64567ae8b3b07184c60dedb with gcc (GCC) 8.1.0 kernel signature: cd914a306f1f117e706163a36777c597f4d448c359673e47a602fb1c07060f8d all runs: OK # git bisect good 9e759fc7dcd6d416f64567ae8b3b07184c60dedb Bisecting: 28 revisions left to test after this (roughly 5 steps) [3f87330e50ac00199dea3fc54ef04ff21c60e23a] drm/ast: Replace mapping code with drm_gem_vram_{kmap/kunmap}() testing commit 3f87330e50ac00199dea3fc54ef04ff21c60e23a with gcc (GCC) 8.1.0 kernel signature: ca95408b3595d1af0321b2a4292d39bdb81787e01ce1d2b0e49dfade2408e175 run #0: crashed: general protection fault in batadv_iv_ogm_queue_add run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 3f87330e50ac00199dea3fc54ef04ff21c60e23a Bisecting: 13 revisions left to test after this (roughly 4 steps) [094aa54f0f9e9185babebf95745d71b07a84321c] drm: Some ocd in drm_file.c testing commit 094aa54f0f9e9185babebf95745d71b07a84321c with gcc (GCC) 8.1.0 kernel signature: 9568fa125033b47431b441743aca2c87b9796f4135a8d05924e61df03a2e3512 all runs: OK # git bisect good 094aa54f0f9e9185babebf95745d71b07a84321c Bisecting: 6 revisions left to test after this (roughly 3 steps) [fed1eec080b9b23f5a80a0c4f19ae49a2d14c69e] drm: Add drm_gem_vram_fill_create_dumb() to create dumb buffers testing commit fed1eec080b9b23f5a80a0c4f19ae49a2d14c69e with gcc (GCC) 8.1.0 kernel signature: 781bf95317edda2b57e3e5c9737ce7c816acfb953fed706ba775324b25ce7620 all runs: OK # git bisect good fed1eec080b9b23f5a80a0c4f19ae49a2d14c69e Bisecting: 3 revisions left to test after this (roughly 2 steps) [5c9dcacfe56673555540933017c54e8f39e947cb] drm: Add default instance for VRAM MM callback functions testing commit 5c9dcacfe56673555540933017c54e8f39e947cb with gcc (GCC) 8.1.0 kernel signature: a32a9e81d206ab4cf7b790803f4e4a9be3025f9102be31b7cfd57cbb47226cc7 all runs: OK # git bisect good 5c9dcacfe56673555540933017c54e8f39e947cb Bisecting: 1 revision left to test after this (roughly 1 step) [5b3709793d151e6e12eb6a38a5da3f7fc2923d3a] drm/ast: Convert AST driver to |struct drm_gem_vram_object| testing commit 5b3709793d151e6e12eb6a38a5da3f7fc2923d3a with gcc (GCC) 8.1.0 kernel signature: 01c1a2cfbba916c6dd24fd431b7a825e3773211f4bb26e36e040e5e9c17edd8a run #0: crashed: KASAN: null-ptr-deref Read in batadv_iv_send_outstanding_bat_ogm_packet run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 5b3709793d151e6e12eb6a38a5da3f7fc2923d3a Bisecting: 0 revisions left to test after this (roughly 0 steps) [59f5989ad42b6edd089b47895986ef15259822dc] drm: Integrate VRAM MM into struct drm_device testing commit 59f5989ad42b6edd089b47895986ef15259822dc with gcc (GCC) 8.1.0 kernel signature: dbf10df431c0f628057e311c586ee2757badcee0fa36565a72264cd781a1d416 all runs: OK # git bisect good 59f5989ad42b6edd089b47895986ef15259822dc 5b3709793d151e6e12eb6a38a5da3f7fc2923d3a is the first bad commit commit 5b3709793d151e6e12eb6a38a5da3f7fc2923d3a Author: Thomas Zimmermann Date: Wed May 8 10:26:19 2019 +0200 drm/ast: Convert AST driver to |struct drm_gem_vram_object| The data structure |struct drm_gem_vram_object| and its helpers replace |struct ast_bo|. It's the same implementation; except for the type names. v4: * cleanups from checkpatch.pl Signed-off-by: Thomas Zimmermann Link: http://patchwork.freedesktop.org/patch/msgid/20190508082630.15116-10-tzimmermann@suse.de Signed-off-by: Gerd Hoffmann drivers/gpu/drm/ast/Kconfig | 2 +- drivers/gpu/drm/ast/ast_drv.c | 5 +- drivers/gpu/drm/ast/ast_drv.h | 52 +------------ drivers/gpu/drm/ast/ast_fb.c | 23 +++--- drivers/gpu/drm/ast/ast_main.c | 74 +++--------------- drivers/gpu/drm/ast/ast_mode.c | 78 +++++++++++-------- drivers/gpu/drm/ast/ast_ttm.c | 172 +---------------------------------------- 7 files changed, 75 insertions(+), 331 deletions(-) culprit signature: 01c1a2cfbba916c6dd24fd431b7a825e3773211f4bb26e36e040e5e9c17edd8a parent signature: dbf10df431c0f628057e311c586ee2757badcee0fa36565a72264cd781a1d416 revisions tested: 19, total time: 4h32m10.640781537s (build: 1h59m29.018899174s, test: 2h30m57.786463795s) first bad commit: 5b3709793d151e6e12eb6a38a5da3f7fc2923d3a drm/ast: Convert AST driver to |struct drm_gem_vram_object| cc: ["airlied@linux.ie" "airlied@redhat.com" "alexander.deucher@amd.com" "christian.koenig@amd.com" "daniel@ffwll.ch" "dri-devel@lists.freedesktop.org" "gregkh@linuxfoundation.org" "hdegoede@redhat.com" "kraxel@redhat.com" "linux-kernel@vger.kernel.org" "noralf@tronnes.org" "tglx@linutronix.de" "tzimmermann@suse.de"] crash: KASAN: null-ptr-deref Read in batadv_iv_send_outstanding_bat_ogm_packet ================================================================== BUG: KASAN: null-ptr-deref in atomic_read include/asm-generic/atomic-instrumented.h:26 [inline] BUG: KASAN: null-ptr-deref in batadv_iv_send_outstanding_bat_ogm_packet+0x7f/0x790 net/batman-adv/bat_iv_ogm.c:1664 Read of size 4 at addr 0000000000000a80 by task kworker/u4:1/21 CPU: 1 PID: 21 Comm: kworker/u4:1 Not tainted 5.1.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x113/0x167 lib/dump_stack.c:113 kasan_report.cold.6+0x5/0x39 mm/kasan/report.c:321 check_memory_region_inline mm/kasan/generic.c:185 [inline] check_memory_region+0x13e/0x1b0 mm/kasan/generic.c:191 kasan_check_read+0x11/0x20 mm/kasan/common.c:102 atomic_read include/asm-generic/atomic-instrumented.h:26 [inline] batadv_iv_send_outstanding_bat_ogm_packet+0x7f/0x790 net/batman-adv/bat_iv_ogm.c:1664 process_one_work+0x830/0x16a0 kernel/workqueue.c:2269 worker_thread+0x85/0xb60 kernel/workqueue.c:2415 kthread+0x324/0x3e0 kernel/kthread.c:253 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 ================================================================== Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 21 Comm: kworker/u4:1 Tainted: G B 5.1.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x113/0x167 lib/dump_stack.c:113 panic+0x212/0x40b kernel/panic.c:214 end_report+0x47/0x4f mm/kasan/report.c:95 kasan_report.cold.6+0xe/0x39 mm/kasan/report.c:324 check_memory_region_inline mm/kasan/generic.c:185 [inline] check_memory_region+0x13e/0x1b0 mm/kasan/generic.c:191 kasan_check_read+0x11/0x20 mm/kasan/common.c:102 atomic_read include/asm-generic/atomic-instrumented.h:26 [inline] batadv_iv_send_outstanding_bat_ogm_packet+0x7f/0x790 net/batman-adv/bat_iv_ogm.c:1664 process_one_work+0x830/0x16a0 kernel/workqueue.c:2269 worker_thread+0x85/0xb60 kernel/workqueue.c:2415 kthread+0x324/0x3e0 kernel/kthread.c:253 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 Kernel Offset: disabled Rebooting in 86400 seconds..