bisecting cause commit starting from a27fc14219f2e3c4a46ba9177b04d9b52c875532 building syzkaller on 829f023456746402c5e958e624a7cabf3bef2e30 testing commit a27fc14219f2e3c4a46ba9177b04d9b52c875532 with gcc (GCC) 8.1.0 kernel signature: e136c97afa2cb2c23cb1fe32c8f2fe4b73b23888 all runs: crashed: BUG: Bad rss-counter state testing release v4.16 testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0 kernel signature: 9a670fc5ae1b6788ef74634179b76520a7e5f916 run #0: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED Location: Message:Quota 'CPUS' exceeded. Limit: 500.0 in region us-central1. ForceSendFields:[] NullFields:[]}. run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect start a27fc14219f2e3c4a46ba9177b04d9b52c875532 0adb32858b0bddf4ada5f364a84ed60b196dbcda Bisecting: 6244 revisions left to test after this (roughly 13 steps) [ac9053d2dcb9e8c3fa35ce458dfca8fddc141680] Merge tag 'usb-4.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb testing commit ac9053d2dcb9e8c3fa35ce458dfca8fddc141680 with gcc (GCC) 8.1.0 kernel signature: 7e413b685fa24441ff30ad7dcc1ce19c5cb9cc60 run #0: crashed: BUG: Bad rss-counter state run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad ac9053d2dcb9e8c3fa35ce458dfca8fddc141680 Bisecting: 3417 revisions left to test after this (roughly 12 steps) [bb2407a7219760926760f0448fddf00d625e5aec] Merge tag 'docs-4.17' of git://git.lwn.net/linux testing commit bb2407a7219760926760f0448fddf00d625e5aec with gcc (GCC) 8.1.0 kernel signature: 39b3c604e5c2600f08ac87183f6b85d2559e62a3 all runs: OK # git bisect good bb2407a7219760926760f0448fddf00d625e5aec Bisecting: 1711 revisions left to test after this (roughly 11 steps) [e2e80c027f5adab3cc44c3d07c4484291384d278] Merge tag 'rxrpc-next-20180330' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs testing commit e2e80c027f5adab3cc44c3d07c4484291384d278 with gcc (GCC) 8.1.0 kernel signature: 18425d6b18e67e24f7564745204739427539d944 all runs: OK # git bisect good e2e80c027f5adab3cc44c3d07c4484291384d278 Bisecting: 878 revisions left to test after this (roughly 10 steps) [547c43d777968228b1060b6f1b152b96215eb7b2] Merge tag 'xfs-4.17-merge-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux testing commit 547c43d777968228b1060b6f1b152b96215eb7b2 with gcc (GCC) 8.1.0 kernel signature: 61ae5fc8069ae07378b449a83bf97ec44147ff9c run #0: crashed: BUG: Bad rss-counter state run #1: crashed: BUG: Bad rss-counter state run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 547c43d777968228b1060b6f1b152b96215eb7b2 Bisecting: 416 revisions left to test after this (roughly 9 steps) [d3c449e16fc829dba347dc72106f8d28b15896f9] media: bttv-input: better handle errors at I2C transfer testing commit d3c449e16fc829dba347dc72106f8d28b15896f9 with gcc (GCC) 8.1.0 kernel signature: d4205968b1fb642a1e782d6d9926c91852b103d5 all runs: OK # git bisect good d3c449e16fc829dba347dc72106f8d28b15896f9 Bisecting: 205 revisions left to test after this (roughly 8 steps) [0734e00ef9e48e78c5c3ce1648572f160d07e323] Merge branch 'parisc-4.17-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux testing commit 0734e00ef9e48e78c5c3ce1648572f160d07e323 with gcc (GCC) 8.1.0 kernel signature: ef9e90182e3d43c3a37359cad3014b05381eb816 run #0: crashed: BUG: Bad rss-counter state run #1: crashed: BUG: Bad rss-counter state run #2: crashed: BUG: Bad rss-counter state run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 0734e00ef9e48e78c5c3ce1648572f160d07e323 Bisecting: 103 revisions left to test after this (roughly 7 steps) [d4069fe6fc91d496e4d1fe38b1a8b71aeb181c50] Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next testing commit d4069fe6fc91d496e4d1fe38b1a8b71aeb181c50 with gcc (GCC) 8.1.0 kernel signature: 66a23e98fb9fabc97decca6070f2c09155eafb89 run #0: crashed: BUG: Bad rss-counter state run #1: crashed: BUG: Bad rss-counter state run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad d4069fe6fc91d496e4d1fe38b1a8b71aeb181c50 Bisecting: 52 revisions left to test after this (roughly 6 steps) [70ae7222c61d4f19c844c8fe75f053f8976b9552] Merge branch 'inet-frags-bring-rhashtables-to-IP-defrag' testing commit 70ae7222c61d4f19c844c8fe75f053f8976b9552 with gcc (GCC) 8.1.0 kernel signature: 56104e87baa802fd93d2d40b7ce20531e591a827 all runs: OK # git bisect good 70ae7222c61d4f19c844c8fe75f053f8976b9552 Bisecting: 26 revisions left to test after this (roughly 5 steps) [44d65a47aeabc40619ad6d1900e0f54e5b5145b8] nfp: bpf: add map updates from the datapath testing commit 44d65a47aeabc40619ad6d1900e0f54e5b5145b8 with gcc (GCC) 8.1.0 kernel signature: 128e92cd185655bb958711461a9802d7a8df387b run #0: crashed: BUG: Bad rss-counter state run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 44d65a47aeabc40619ad6d1900e0f54e5b5145b8 Bisecting: 12 revisions left to test after this (roughly 4 steps) [4fe43c2c00349557fdf4e6d61a67ebbe670412b8] net/wireless/iwlwifi: fix iwlwifi_dev_ucode_error tracepoint testing commit 4fe43c2c00349557fdf4e6d61a67ebbe670412b8 with gcc (GCC) 8.1.0 kernel signature: d0c19c251d71cba640dc02120643d3b56288bafe run #0: crashed: BUG: Bad rss-counter state run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 4fe43c2c00349557fdf4e6d61a67ebbe670412b8 Bisecting: 6 revisions left to test after this (roughly 3 steps) [2abb5fad3a9336ea02bf832175b9e4fd5b946e47] Merge branch 'bpf-verifier-log-btf-prep' testing commit 2abb5fad3a9336ea02bf832175b9e4fd5b946e47 with gcc (GCC) 8.1.0 kernel signature: c04113142ac0921d0404d4ce438e18d04c39a23b run #0: crashed: BUG: Bad rss-counter state run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 2abb5fad3a9336ea02bf832175b9e4fd5b946e47 Bisecting: 2 revisions left to test after this (roughly 2 steps) [639a53da7c8cea7e476fed5e9ce6b1fa1bcce05a] Merge branch 'bpf-print-insns-api' testing commit 639a53da7c8cea7e476fed5e9ce6b1fa1bcce05a with gcc (GCC) 8.1.0 kernel signature: 84521d7d23aeafefd128fc0939047f6fff9d31c0 run #0: crashed: BUG: Bad rss-counter state run #1: crashed: BUG: Bad rss-counter state run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 639a53da7c8cea7e476fed5e9ce6b1fa1bcce05a Bisecting: 0 revisions left to test after this (roughly 1 step) [337682ca7e3cdce81fe3436bf59782d071c967e6] bpftool: Adjust to new print_bpf_insn interface testing commit 337682ca7e3cdce81fe3436bf59782d071c967e6 with gcc (GCC) 8.1.0 kernel signature: bf16dedc1f4594cee503c020bf0f67df2322b3e6 all runs: OK # git bisect good 337682ca7e3cdce81fe3436bf59782d071c967e6 639a53da7c8cea7e476fed5e9ce6b1fa1bcce05a is the first bad commit commit 639a53da7c8cea7e476fed5e9ce6b1fa1bcce05a Merge: ae06c70b1358 337682ca7e3c Author: Daniel Borkmann Date: Fri Mar 23 17:38:57 2018 +0100 Merge branch 'bpf-print-insns-api' Jiri Olsa says: ==================== This patchset removes struct bpf_verifier_env argument from print_bpf_insn function (patch 1) and changes user space bpftool user to use it that way (patch 2). ==================== Reviewed-by: Quentin Monnet Signed-off-by: Daniel Borkmann kernel/bpf/disasm.c | 52 +++++++++++++++++++-------------------- kernel/bpf/disasm.h | 5 +--- kernel/bpf/verifier.c | 44 ++++++++++++++++++++------------- tools/bpf/bpftool/xlated_dumper.c | 12 ++++----- 4 files changed, 60 insertions(+), 53 deletions(-) revisions tested: 15, total time: 3h55m5.88133498s (build: 1h14m44.39672891s, test: 2h35m44.305499942s) first bad commit: 639a53da7c8cea7e476fed5e9ce6b1fa1bcce05a Merge branch 'bpf-print-insns-api' cc: ["daniel@iogearbox.net" "quentin.monnet@netronome.com"] crash: BUG: Bad rss-counter state BUG: Bad rss-counter state mm:0000000082cb24d8 idx:1 val:1 BUG: Bad rss-counter state mm:0000000082cb24d8 idx:3 val:-1