bisecting cause commit starting from 7ae77150d94d3b535c7b85e6b3647113095e79bf building syzkaller on 54566aff1679fc74487d3efb9f7bbfbc21beed4b testing commit 7ae77150d94d3b535c7b85e6b3647113095e79bf with gcc (GCC) 8.1.0 kernel signature: 9e04df9f6e133faac5b05598c9079bac445b44bb23519727f322f0e93da413e3 all runs: crashed: general protection fault in __apic_accept_irq testing release v5.7 testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0 kernel signature: e4f3b32cb701cbc7870bda521b6fd1f864b5f48b024b882d975df171c89ba53b all runs: OK # git bisect start 7ae77150d94d3b535c7b85e6b3647113095e79bf 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 Bisecting: 5798 revisions left to test after this (roughly 12 steps) [2e63f6ce7ed2c4ff83ba30ad9ccad422289a6c63] Merge branch 'uaccess.comedi' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs testing commit 2e63f6ce7ed2c4ff83ba30ad9ccad422289a6c63 with gcc (GCC) 8.1.0 kernel signature: 0547064c1c552570437205d0eb9aa126203819b7a86eb35e2471782faacb7bfe all runs: crashed: general protection fault in __apic_accept_irq # git bisect bad 2e63f6ce7ed2c4ff83ba30ad9ccad422289a6c63 Bisecting: 2658 revisions left to test after this (roughly 11 steps) [cfa3b8068b09f25037146bfd5eed041b78878bee] Merge tag 'for-linus-hmm' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma testing commit cfa3b8068b09f25037146bfd5eed041b78878bee with gcc (GCC) 8.1.0 kernel signature: 6201594304d1a747483f5dbd03041828e15c8d921e1d5da72884e34be3f9efed all runs: OK # git bisect good cfa3b8068b09f25037146bfd5eed041b78878bee Bisecting: 1328 revisions left to test after this (roughly 10 steps) [c41219fda6e04255c44d37fd2c0d898c1c46abf1] Merge tag 'drm-intel-next-fixes-2020-05-20' of git://anongit.freedesktop.org/drm/drm-intel into drm-next testing commit c41219fda6e04255c44d37fd2c0d898c1c46abf1 with gcc (GCC) 8.1.0 kernel signature: 2200ce4a19508c6c0789d74de26d9fe375ed02214fe6a913a4ac85d83ec66132 all runs: OK # git bisect good c41219fda6e04255c44d37fd2c0d898c1c46abf1 Bisecting: 602 revisions left to test after this (roughly 9 steps) [f3cdc8ae116e27d84e1f33c7a2995960cebb73ac] Merge tag 'for-5.8-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux testing commit f3cdc8ae116e27d84e1f33c7a2995960cebb73ac with gcc (GCC) 8.1.0 kernel signature: 7c4b67b65cdb60d37cb422b7588cf6749570e167e1ad2c365ed56f8d97013d41 all runs: OK # git bisect good f3cdc8ae116e27d84e1f33c7a2995960cebb73ac Bisecting: 311 revisions left to test after this (roughly 8 steps) [f1e455352b6f503532eb3637d0a6d991895e7856] Merge tag 'kgdb-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/danielt/linux testing commit f1e455352b6f503532eb3637d0a6d991895e7856 with gcc (GCC) 8.1.0 kernel signature: db0f7cc27a0a359c3b96d356a21345b2eb2925151fa66bd719ee187c8c75acfa run #0: crashed: KASAN: vmalloc-out-of-bounds Read in srcu_invoke_callbacks run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad f1e455352b6f503532eb3637d0a6d991895e7856 Bisecting: 147 revisions left to test after this (roughly 7 steps) [9bd0bd264578fe191bf5d2ff23f9887b91862536] MIPS: ralink: drop ralink_clk_init for mt7621 testing commit 9bd0bd264578fe191bf5d2ff23f9887b91862536 with gcc (GCC) 8.1.0 kernel signature: 25d9760f277ced20404867fa710d4a94ba2183b62e383af7a00e7a63619583a4 all runs: OK # git bisect good 9bd0bd264578fe191bf5d2ff23f9887b91862536 Bisecting: 81 revisions left to test after this (roughly 6 steps) [f6aee505c71bbb035dde146caf5a6abbf3ccbe47] Merge tag 'x86-timers-2020-06-03' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit f6aee505c71bbb035dde146caf5a6abbf3ccbe47 with gcc (GCC) 8.1.0 kernel signature: 580dc2dec9a9c28d98f16923d4d27073017813e4b360116b941eb0265f98cda7 all runs: OK # git bisect good f6aee505c71bbb035dde146caf5a6abbf3ccbe47 Bisecting: 41 revisions left to test after this (roughly 5 steps) [d479c5a1919b4e569dcd3ae9c84ed74a675d0b94] Merge tag 'sched-core-2020-06-02' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit d479c5a1919b4e569dcd3ae9c84ed74a675d0b94 with gcc (GCC) 8.1.0 kernel signature: b4a9b83645631b77fc46a986833a2575909822b67c61f8567ba153f9e867157c all runs: OK # git bisect good d479c5a1919b4e569dcd3ae9c84ed74a675d0b94 Bisecting: 19 revisions left to test after this (roughly 4 steps) [38696e33e2bdf91cbbc7a2291dc6db862d9dfd42] Merge tag 'xtensa-20200603' of git://github.com/jcmvbkbc/linux-xtensa testing commit 38696e33e2bdf91cbbc7a2291dc6db862d9dfd42 with gcc (GCC) 8.1.0 kernel signature: fb693ea067da82f44e52223dc69c4e0dc300fae85a1a9273c1361b996d042139 all runs: OK # git bisect good 38696e33e2bdf91cbbc7a2291dc6db862d9dfd42 Bisecting: 9 revisions left to test after this (roughly 3 steps) [220995622da5317714b5fe659165735f7b44b87e] kgdboc: Add kgdboc_earlycon to support early kgdb using boot consoles testing commit 220995622da5317714b5fe659165735f7b44b87e with gcc (GCC) 8.1.0 kernel signature: 7e46170813059d34fe560d8fd1d793e7310a3a073a975b348e35103f4e9e75a3 all runs: OK # git bisect good 220995622da5317714b5fe659165735f7b44b87e Bisecting: 4 revisions left to test after this (roughly 2 steps) [205b5bdda2090d4730dabf9c0d9646cb32f2551d] serial: qcom_geni_serial: Support kgdboc_earlycon testing commit 205b5bdda2090d4730dabf9c0d9646cb32f2551d with gcc (GCC) 8.1.0 kernel signature: 1683555ab2273bc25a1bdb5a367c5c5458b91e198bcef63190f0670a13154a55 all runs: OK # git bisect good 205b5bdda2090d4730dabf9c0d9646cb32f2551d Bisecting: 2 revisions left to test after this (roughly 1 step) [195867ffea13b755dc727b47eaa5beb0ffa6e0ce] serial: amba-pl011: Support kgdboc_earlycon testing commit 195867ffea13b755dc727b47eaa5beb0ffa6e0ce with gcc (GCC) 8.1.0 kernel signature: fbfbd8e880484f19610d33abac213520c9fbd2ce0e7c2d6eece46ad0394e8f3d all runs: OK # git bisect good 195867ffea13b755dc727b47eaa5beb0ffa6e0ce Bisecting: 0 revisions left to test after this (roughly 1 step) [c893de12e1ef17b581eb2cf8fc9018ec0cbd07df] kdb: Remove the misfeature 'KDBFLAGS' testing commit c893de12e1ef17b581eb2cf8fc9018ec0cbd07df with gcc (GCC) 8.1.0 kernel signature: d2b47c3a95def20694b553c90d8c44a78e88e62bbd5424f7a23f8658823f8d75 all runs: OK # git bisect good c893de12e1ef17b581eb2cf8fc9018ec0cbd07df f1e455352b6f503532eb3637d0a6d991895e7856 is the first bad commit commit f1e455352b6f503532eb3637d0a6d991895e7856 Merge: 38696e33e2bd c893de12e1ef Author: Linus Torvalds Date: Wed Jun 3 14:57:03 2020 -0700 Merge tag 'kgdb-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/danielt/linux Pull kgdb updates from Daniel Thompson: "By far the biggest change in this cycle are the changes that allow much earlier debug of systems that are hooked up via UART by taking advantage of the earlycon framework to implement the kgdb I/O hooks before handing over to the regular polling I/O drivers once they are available. When discussing Doug's work we also found and fixed an broken raw_smp_processor_id() sequence in in_dbg_master(). Also included are a collection of much smaller fixes and tweaks: a couple of tweaks to ged rid of doc gen or coccicheck warnings, future proof some internal calculations that made implicit power-of-2 assumptions and eliminate some rather weird handling of magic environment variables in kdb" * tag 'kgdb-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/danielt/linux: kdb: Remove the misfeature 'KDBFLAGS' kdb: Cleanup math with KDB_CMD_HISTORY_COUNT serial: amba-pl011: Support kgdboc_earlycon serial: 8250_early: Support kgdboc_earlycon serial: qcom_geni_serial: Support kgdboc_earlycon serial: kgdboc: Allow earlycon initialization to be deferred Documentation: kgdboc: Document new kgdboc_earlycon parameter kgdb: Don't call the deinit under spinlock kgdboc: Disable all the early code when kgdboc is a module kgdboc: Add kgdboc_earlycon to support early kgdb using boot consoles kgdboc: Remove useless #ifdef CONFIG_KGDB_SERIAL_CONSOLE in kgdboc kgdb: Prevent infinite recursive entries to the debugger kgdb: Delay "kgdbwait" to dbg_late_init() by default kgdboc: Use a platform device to handle tty drivers showing up late Revert "kgdboc: disable the console lock when in kgdb" kgdb: Disable WARN_CONSOLE_UNLOCKED for all kgdb kgdb: Return true in kgdb_nmi_poll_knock() kgdb: Drop malformed kernel doc comment kgdb: Fix spurious true from in_dbg_master() Documentation/admin-guide/kernel-parameters.txt | 20 ++ Documentation/dev-tools/kgdb.rst | 24 ++ arch/x86/Kconfig | 1 + drivers/tty/serial/8250/8250_early.c | 23 ++ drivers/tty/serial/amba-pl011.c | 32 +++ drivers/tty/serial/kgdboc.c | 318 +++++++++++++++++++++--- drivers/tty/serial/qcom_geni_serial.c | 32 +++ include/linux/kdb.h | 2 +- include/linux/kgdb.h | 8 +- kernel/debug/debug_core.c | 57 +++-- kernel/debug/kdb/kdb_main.c | 11 +- lib/Kconfig.kgdb | 18 ++ 12 files changed, 490 insertions(+), 56 deletions(-) revisions tested: 15, total time: 3h51m58.259317674s (build: 1h30m38.007059581s, test: 2h19m22.155261067s) first bad commit: f1e455352b6f503532eb3637d0a6d991895e7856 Merge tag 'kgdb-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/danielt/linux cc: ["torvalds@linux-foundation.org"] crash: KASAN: vmalloc-out-of-bounds Read in srcu_invoke_callbacks ================================================================== BUG: KASAN: vmalloc-out-of-bounds in __read_once_size include/linux/compiler.h:252 [inline] BUG: KASAN: vmalloc-out-of-bounds in rcu_seq_current kernel/rcu/rcu.h:99 [inline] BUG: KASAN: vmalloc-out-of-bounds in srcu_invoke_callbacks+0x2fe/0x320 kernel/rcu/srcutree.c:1185 Read of size 8 at addr ffffc90002bbae00 by task kworker/0:9/3840 CPU: 0 PID: 3840 Comm: kworker/0:9 Not tainted 5.7.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: rcu_gp srcu_invoke_callbacks Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x128/0x182 lib/dump_stack.c:118 print_address_description.constprop.8.cold.10+0x56/0x41e mm/kasan/report.c:383 __kasan_report mm/kasan/report.c:513 [inline] kasan_report.cold.11+0x1f/0x37 mm/kasan/report.c:530 __read_once_size include/linux/compiler.h:252 [inline] rcu_seq_current kernel/rcu/rcu.h:99 [inline] srcu_invoke_callbacks+0x2fe/0x320 kernel/rcu/srcutree.c:1185 process_one_work+0x908/0x15d0 kernel/workqueue.c:2268 worker_thread+0x82/0xb50 kernel/workqueue.c:2414 kthread+0x340/0x410 kernel/kthread.c:268 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:351 Memory state around the buggy address: ffffc90002bbad00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 ffffc90002bbad80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 >ffffc90002bbae00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 ^ ffffc90002bbae80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 ffffc90002bbaf00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 ==================================================================