bisecting cause commit starting from 5d1131b4d61e52e5702e0fa4bcbec81ac7d6ef52 building syzkaller on f4b7ed0781fd311fccb2dd56f306a07590d440fd testing commit 5d1131b4d61e52e5702e0fa4bcbec81ac7d6ef52 with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in tss_update_io_bitmap testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 all runs: OK # git bisect start 5d1131b4d61e52e5702e0fa4bcbec81ac7d6ef52 4d856f72c10ecb060868ed10ff1b1453943fc6c8 Bisecting: 14176 revisions left to test after this (roughly 14 steps) [88d0facf186c6c652c2203536fecd77089b43a4e] staging: wfx: fix potential vulnerability to spectre testing commit 88d0facf186c6c652c2203536fecd77089b43a4e with gcc (GCC) 8.1.0 all runs: OK # git bisect good 88d0facf186c6c652c2203536fecd77089b43a4e Bisecting: 6796 revisions left to test after this (roughly 13 steps) [c853673dd5c3860157060408103ceb4f86f9157e] Merge remote-tracking branch 'net-next/master' testing commit c853673dd5c3860157060408103ceb4f86f9157e with gcc (GCC) 8.1.0 all runs: OK # git bisect good c853673dd5c3860157060408103ceb4f86f9157e Bisecting: 3401 revisions left to test after this (roughly 12 steps) [38801470bb9fbd5d3798181e494b6147c0cc7d77] Merge remote-tracking branch 'battery/for-next' testing commit 38801470bb9fbd5d3798181e494b6147c0cc7d77 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 38801470bb9fbd5d3798181e494b6147c0cc7d77 Bisecting: 1709 revisions left to test after this (roughly 11 steps) [d059bc6c8c04626a46724859157d92a32c5c96b9] Merge remote-tracking branch 'phy-next/next' testing commit d059bc6c8c04626a46724859157d92a32c5c96b9 with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in tss_update_io_bitmap # git bisect bad d059bc6c8c04626a46724859157d92a32c5c96b9 Bisecting: 661 revisions left to test after this (roughly 10 steps) [69ccf886c2297c69f1acc89aebb9ac6a07b077c2] Merge remote-tracking branch 'tip/auto-latest' testing commit 69ccf886c2297c69f1acc89aebb9ac6a07b077c2 with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in tss_update_io_bitmap # git bisect bad 69ccf886c2297c69f1acc89aebb9ac6a07b077c2 Bisecting: 513 revisions left to test after this (roughly 9 steps) [8e29d1971bd0044b16322cb14139cf04875658bd] Merge branch 'perf/core' testing commit 8e29d1971bd0044b16322cb14139cf04875658bd with gcc (GCC) 8.1.0 all runs: OK # git bisect good 8e29d1971bd0044b16322cb14139cf04875658bd Bisecting: 316 revisions left to test after this (roughly 8 steps) [e59820b5a252f7187ba7e70ccaea390c37add2b3] Merge remote-tracking branch 'audit/next' testing commit e59820b5a252f7187ba7e70ccaea390c37add2b3 with gcc (GCC) 8.1.0 all runs: OK # git bisect good e59820b5a252f7187ba7e70ccaea390c37add2b3 Bisecting: 192 revisions left to test after this (roughly 7 steps) [4cac7a4daa75541c5b26e965f57e745b66c44976] Merge remote-tracking branch 'devicetree/for-next' testing commit 4cac7a4daa75541c5b26e965f57e745b66c44976 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 4cac7a4daa75541c5b26e965f57e745b66c44976 Bisecting: 96 revisions left to test after this (roughly 7 steps) [ae7c2d342a10dbef1e054482f46498b6282a1df0] spi: mediatek: add SPI_CS_HIGH support testing commit ae7c2d342a10dbef1e054482f46498b6282a1df0 with gcc (GCC) 8.1.0 all runs: OK # git bisect good ae7c2d342a10dbef1e054482f46498b6282a1df0 Bisecting: 49 revisions left to test after this (roughly 6 steps) [918e7bbfe1141c035ad79abbd6ddf3576e5360ab] Merge branch 'sched/core' testing commit 918e7bbfe1141c035ad79abbd6ddf3576e5360ab with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in tss_update_io_bitmap # git bisect bad 918e7bbfe1141c035ad79abbd6ddf3576e5360ab Bisecting: 25 revisions left to test after this (roughly 5 steps) [a3ba966066afbe8fd0d3605ffe04c633083752f1] x86/entry/32: Clarify register saving in __switch_to_asm() testing commit a3ba966066afbe8fd0d3605ffe04c633083752f1 with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in tss_update_io_bitmap # git bisect bad a3ba966066afbe8fd0d3605ffe04c633083752f1 Bisecting: 10 revisions left to test after this (roughly 3 steps) [577d5cd7e5851d3832066cd0422475fa7db2ee17] x86/ioperm: Move iobitmap data into a struct testing commit 577d5cd7e5851d3832066cd0422475fa7db2ee17 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 577d5cd7e5851d3832066cd0422475fa7db2ee17 Bisecting: 5 revisions left to test after this (roughly 3 steps) [0907a09c2e52210a67a9616427ea71f14b37e826] selftests/x86/ioperm: Extend testing so the shared bitmap is exercised testing commit 0907a09c2e52210a67a9616427ea71f14b37e826 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 0907a09c2e52210a67a9616427ea71f14b37e826 Bisecting: 2 revisions left to test after this (roughly 2 steps) [a24ca9976843156eabbc5f2d798954b5674d1b61] x86/iopl: Remove legacy IOPL option testing commit a24ca9976843156eabbc5f2d798954b5674d1b61 with gcc (GCC) 8.1.0 all runs: OK # git bisect good a24ca9976843156eabbc5f2d798954b5674d1b61 Bisecting: 0 revisions left to test after this (roughly 1 step) [e638ad00809a323cbe13dfa0952d4234d9b36732] selftests/x86/iopl: Extend test to cover IOPL emulation testing commit e638ad00809a323cbe13dfa0952d4234d9b36732 with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in tss_update_io_bitmap # git bisect bad e638ad00809a323cbe13dfa0952d4234d9b36732 Bisecting: 0 revisions left to test after this (roughly 0 steps) [111e7b15cf10f6e973ccf537c70c66a5de539060] x86/ioperm: Extend IOPL config to control ioperm() as well testing commit 111e7b15cf10f6e973ccf537c70c66a5de539060 with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in tss_update_io_bitmap # git bisect bad 111e7b15cf10f6e973ccf537c70c66a5de539060 111e7b15cf10f6e973ccf537c70c66a5de539060 is the first bad commit commit 111e7b15cf10f6e973ccf537c70c66a5de539060 Author: Thomas Gleixner Date: Tue Nov 12 21:40:33 2019 +0100 x86/ioperm: Extend IOPL config to control ioperm() as well If iopl() is disabled, then providing ioperm() does not make much sense. Rename the config option and disable/enable both syscalls with it. Guard the code with #ifdefs where appropriate. Suggested-by: Andy Lutomirski Signed-off-by: Thomas Gleixner :040000 040000 522455d5cba1c6f5e4b7e2a87602900d1f1dc216 74aba07665ddecb0bd48e5995b390227cf8ed566 M arch revisions tested: 18, total time: 4h9m10.724285763s (build: 1h48m10.886821286s, test: 2h14m58.5845443s) first bad commit: 111e7b15cf10f6e973ccf537c70c66a5de539060 x86/ioperm: Extend IOPL config to control ioperm() as well cc: ["adobriyan@gmail.com" "ak@linux.intel.com" "bigeasy@linutronix.de" "bp@alien8.de" "fenghua.yu@intel.com" "frederic@kernel.org" "hpa@zytor.com" "keescook@chromium.org" "kernelfans@gmail.com" "len.brown@intel.com" "linux-kernel@vger.kernel.org" "longman@redhat.com" "luto@kernel.org" "mingo@redhat.com" "peterz@infradead.org" "rafael.j.wysocki@intel.com" "riel@surriel.com" "tglx@linutronix.de" "tim.c.chen@linux.intel.com" "tonywwang-oc@zhaoxin.com" "wang.yi59@zte.com.cn" "x86@kernel.org"] crash: general protection fault in tss_update_io_bitmap kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 7789 Comm: syz-executor.4 Not tainted 5.4.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:tss_update_io_bitmap+0x138/0x580 arch/x86/kernel/process.c:395 Code: 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 04 04 00 00 4c 89 ea 4c 8b 73 68 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 ba 03 00 00 4d 3b 75 00 74 7d 48 8d 7b 70 48 b8 RSP: 0018:ffff888080bf7e80 EFLAGS: 00010046 RAX: dffffc0000000000 RBX: ffff8880aeb0a000 RCX: ffffffff812502d8 RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff8880aeb0a068 RBP: ffff888080bf7f10 R08: ffffed101304d009 R09: ffffed101304d009 R10: ffffed101304d008 R11: ffff888098268047 R12: 1ffff1101017efd2 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007f4710e2a700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000004eab00 CR3: 00000000a4f69000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: prepare_exit_to_usermode arch/x86/entry/common.c:201 [inline] syscall_return_slowpath arch/x86/entry/common.c:278 [inline] do_syscall_64+0x509/0x5f0 arch/x86/entry/common.c:304 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45a639 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f4710e29c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000ac RAX: 0000000000000000 RBX: 0000000000000001 RCX: 000000000045a639 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4710e2a6d4 R13: 00000000004c6c26 R14: 00000000004dc060 R15: 00000000ffffffff Modules linked in: ---[ end trace 7972505e45be151d ]--- RIP: 0010:tss_update_io_bitmap+0x138/0x580 arch/x86/kernel/process.c:395 Code: 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 04 04 00 00 4c 89 ea 4c 8b 73 68 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 ba 03 00 00 4d 3b 75 00 74 7d 48 8d 7b 70 48 b8 RSP: 0018:ffff888080bf7e80 EFLAGS: 00010046 RAX: dffffc0000000000 RBX: ffff8880aeb0a000 RCX: ffffffff812502d8 RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff8880aeb0a068 RBP: ffff888080bf7f10 R08: ffffed101304d009 R09: ffffed101304d009 R10: ffffed101304d008 R11: ffff888098268047 R12: 1ffff1101017efd2 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007f4710e2a700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000004eab00 CR3: 00000000a4f69000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400