bisecting cause commit starting from b9ad3e9f5a7a760ab068e33e1f18d240ba32ce92 building syzkaller on 0d27f508b6b35d3b12b9fafebd40a1f36950c8f3 testing commit b9ad3e9f5a7a760ab068e33e1f18d240ba32ce92 with gcc (GCC) 8.1.0 kernel signature: 6317e273a021ee0dbfc6f4a7b9dda77b705f73ac460cab53a147f1fe826e8d09 all runs: crashed: BUG: receive list entry not found for dev vcan0, id 001, mask C00007FF testing release v5.9 testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 8.1.0 kernel signature: 1b5b3de9b55a7181ffba9b6457a83807d531a3bbd536e6c35bc5192c1659ed42 all runs: OK # git bisect start b9ad3e9f5a7a760ab068e33e1f18d240ba32ce92 bbf5c979011a099af5dc76498918ed7df445635b Bisecting: 8515 revisions left to test after this (roughly 13 steps) [4d0e9df5e43dba52d38b251e3b909df8fa1110be] lib, uaccess: add failure injection to usercopy functions testing commit 4d0e9df5e43dba52d38b251e3b909df8fa1110be with gcc (GCC) 8.1.0 kernel signature: a52a98b329f6a203156f64afcc30b96dee8c44a13b088936ec256ec472c53fe6 all runs: OK # git bisect good 4d0e9df5e43dba52d38b251e3b909df8fa1110be Bisecting: 4277 revisions left to test after this (roughly 12 steps) [f9915b964c25193a6be1aed744c946d6ff177149] Merge tag 'drm-next-2020-10-19' of git://anongit.freedesktop.org/drm/drm testing commit f9915b964c25193a6be1aed744c946d6ff177149 with gcc (GCC) 8.1.0 kernel signature: 423d5127997d09c380ff4dd86ab60a34a0babae14eb2aa62607a08381fca1df2 all runs: crashed: BUG: receive list entry not found for dev vcan0, id 001, mask C00007FF # git bisect bad f9915b964c25193a6be1aed744c946d6ff177149 Bisecting: 2137 revisions left to test after this (roughly 11 steps) [7c89d9d9f90931f170e510e9e4b84d9dafdd616a] Merge branch 'net-ravb-Add-support-for-explicit-internal-clock-delay-c onfiguration' testing commit 7c89d9d9f90931f170e510e9e4b84d9dafdd616a with gcc (GCC) 8.1.0 kernel signature: af95c7fedbce97dbc4772ecc6b05a7e08309ded7b7508eb225c5d9bdf58479e9 all runs: OK # git bisect good 7c89d9d9f90931f170e510e9e4b84d9dafdd616a Bisecting: 1091 revisions left to test after this (roughly 10 steps) [96685f8666714233d34abb71b242448c80077536] Merge tag 'powerpc-5.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux testing commit 96685f8666714233d34abb71b242448c80077536 with gcc (GCC) 8.1.0 kernel signature: a8d11c57b8e467743196c647a95a90e3a0e5904dfeef3af5f891dc5e28f7d881 all runs: crashed: BUG: receive list entry not found for dev vcan0, id 001, mask C00007FF # git bisect bad 96685f8666714233d34abb71b242448c80077536 Bisecting: 522 revisions left to test after this (roughly 9 steps) [71b77a7a27a3388c97e754a2c4e282df3f568fd7] enetc: Migrate to PHYLINK and PCS_LYNX testing commit 71b77a7a27a3388c97e754a2c4e282df3f568fd7 with gcc (GCC) 8.1.0 kernel signature: 1ff4381464463bdabb437a7a76b7b295c953344792737ea7488753fb586f5d64 all runs: OK # git bisect good 71b77a7a27a3388c97e754a2c4e282df3f568fd7 Bisecting: 232 revisions left to test after this (roughly 8 steps) [9ff9b0d392ea08090cd1780fb196f36dbb586529] Merge tag 'net-next-5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next testing commit 9ff9b0d392ea08090cd1780fb196f36dbb586529 with gcc (GCC) 8.1.0 kernel signature: 2427fdd20dd1aa7a1ef6d3fe7a382e62f7fdf3ad2869db99e5350d8234c23740 all runs: OK # git bisect good 9ff9b0d392ea08090cd1780fb196f36dbb586529 Bisecting: 116 revisions left to test after this (roughly 7 steps) [79b123cdf9cf0d4a1620baa8c611962626323a08] powerepc/book3s64/hash: Align start/end address correctly with bolt mapping testing commit 79b123cdf9cf0d4a1620baa8c611962626323a08 with gcc (GCC) 8.1.0 kernel signature: 06d84a687e23be294dd459b1075eb8f3ab80c0f0a0c7d2eb25f259f0cffe4732 all runs: OK # git bisect good 79b123cdf9cf0d4a1620baa8c611962626323a08 Bisecting: 58 revisions left to test after this (roughly 6 steps) [82a1ea21f1bac42eb8e3f77d5d249201855f2c85] powerpc/powernv: Stop using eeh_ops->init() testing commit 82a1ea21f1bac42eb8e3f77d5d249201855f2c85 with gcc (GCC) 8.1.0 kernel signature: 08501447536d9f3542d37bb9ea5e2729e373b92dd66c5e8123c5dd18ae9c30dd all runs: OK # git bisect good 82a1ea21f1bac42eb8e3f77d5d249201855f2c85 Bisecting: 29 revisions left to test after this (roughly 5 steps) [dcb5cdf60a1fbbdb3b4dd2abc562206481f09ef1] powerpc/perf/hv-gpci: Add cpu hotplug support testing commit dcb5cdf60a1fbbdb3b4dd2abc562206481f09ef1 with gcc (GCC) 8.1.0 kernel signature: b037ec2f8fe10aa9cbac43c397055bf8aa9698163671fa86765e5881e1210311 all runs: OK # git bisect good dcb5cdf60a1fbbdb3b4dd2abc562206481f09ef1 Bisecting: 14 revisions left to test after this (roughly 4 steps) [6601ec1c2ba929430f5585ce7f9d9960b0e0a01d] powerpc: Remove get_tb_or_rtc() testing commit 6601ec1c2ba929430f5585ce7f9d9960b0e0a01d with gcc (GCC) 8.1.0 kernel signature: b037ec2f8fe10aa9cbac43c397055bf8aa9698163671fa86765e5881e1210311 all runs: OK # git bisect good 6601ec1c2ba929430f5585ce7f9d9960b0e0a01d Bisecting: 7 revisions left to test after this (roughly 3 steps) [942e89115b588b4b5df86930b5302a5c07b820ba] powerpc/time: Avoid using get_tbl() and get_tbu() internally testing commit 942e89115b588b4b5df86930b5302a5c07b820ba with gcc (GCC) 8.1.0 kernel signature: b037ec2f8fe10aa9cbac43c397055bf8aa9698163671fa86765e5881e1210311 all runs: OK # git bisect good 942e89115b588b4b5df86930b5302a5c07b820ba Bisecting: 3 revisions left to test after this (roughly 2 steps) [a2d0230b91f7e23ceb5d8fb6a9799f30517ec33a] cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_reboot_notifier testing commit a2d0230b91f7e23ceb5d8fb6a9799f30517ec33a with gcc (GCC) 8.1.0 kernel signature: b037ec2f8fe10aa9cbac43c397055bf8aa9698163671fa86765e5881e1210311 all runs: OK # git bisect good a2d0230b91f7e23ceb5d8fb6a9799f30517ec33a Bisecting: 1 revision left to test after this (roughly 1 step) [ffd0b25ca049a477cb757e5bcf2d5e1664d12e5d] Revert "powerpc/pci: unmap legacy INTx interrupts when a PHB is removed" testing commit ffd0b25ca049a477cb757e5bcf2d5e1664d12e5d with gcc (GCC) 8.1.0 kernel signature: b037ec2f8fe10aa9cbac43c397055bf8aa9698163671fa86765e5881e1210311 all runs: OK # git bisect good ffd0b25ca049a477cb757e5bcf2d5e1664d12e5d Bisecting: 0 revisions left to test after this (roughly 0 steps) [c4cf498dc0241fa2d758dba177634268446afb06] Merge branch 'akpm' (patches from Andrew) testing commit c4cf498dc0241fa2d758dba177634268446afb06 with gcc (GCC) 8.1.0 kernel signature: 01688f25b32dec3fb7848d7321ddaca890dacc94ee7e3ce6dbe4c6c11873baef all runs: crashed: BUG: receive list entry not found for dev vcan0, id 001, mask C00007FF # git bisect bad c4cf498dc0241fa2d758dba177634268446afb06 c4cf498dc0241fa2d758dba177634268446afb06 is the first bad commit commit c4cf498dc0241fa2d758dba177634268446afb06 Merge: 9ff9b0d392ea 4d0e9df5e43d Author: Linus Torvalds Date: Fri Oct 16 11:31:55 2020 -0700 Merge branch 'akpm' (patches from Andrew) Merge more updates from Andrew Morton: "155 patches. Subsystems affected by this patch series: mm (dax, debug, thp, readahead, page-poison, util, memory-hotplug, zram, cleanups), misc, core-kernel, get_maintainer, MAINTAINERS, lib, bitops, checkpatch, binfmt, ramfs, autofs, nilfs, rapidio, panic, relay, kgdb, ubsan, romfs, and fault-injection" * emailed patches from Andrew Morton : (155 commits) lib, uaccess: add failure injection to usercopy functions lib, include/linux: add usercopy failure capability ROMFS: support inode blocks calculation ubsan: introduce CONFIG_UBSAN_LOCAL_BOUNDS for Clang sched.h: drop in_ubsan field when UBSAN is in trap mode scripts/gdb/tasks: add headers and improve spacing format scripts/gdb/proc: add struct mount & struct super_block addr in lx-mounts command kernel/relay.c: drop unneeded initialization panic: dump registers on panic_on_warn rapidio: fix the missed put_device() for rio_mport_add_riodev rapidio: fix error handling path nilfs2: fix some kernel-doc warnings for nilfs2 autofs: harden ioctl table ramfs: fix nommu mmap with gaps in the page cache mm: remove the now-unnecessary mmget_still_valid() hack mm/gup: take mmap_lock in get_dump_page() binfmt_elf, binfmt_elf_fdpic: use a VMA list snapshot coredump: rework elf/elf_fdpic vma_dump_size() into common helper coredump: refactor page range dumping into common helper coredump: let dump_emit() bail out on short writes ... .mailmap | 1 + Documentation/admin-guide/kernel-parameters.txt | 1 + Documentation/core-api/xarray.rst | 16 +- Documentation/fault-injection/fault-injection.rst | 7 +- MAINTAINERS | 6 +- arch/ia64/mm/init.c | 4 +- arch/powerpc/include/asm/book3s/64/pgtable.h | 29 +- arch/powerpc/include/asm/nohash/pgtable.h | 5 - arch/powerpc/mm/pgtable.c | 5 - arch/powerpc/platforms/powernv/memtrace.c | 2 +- arch/powerpc/platforms/pseries/hotplug-memory.c | 2 +- drivers/acpi/acpi_memhotplug.c | 3 +- drivers/base/memory.c | 3 +- drivers/base/node.c | 33 ++- drivers/block/zram/zram_drv.c | 2 +- drivers/dax/kmem.c | 50 ++-- drivers/hv/hv_balloon.c | 2 +- drivers/infiniband/core/uverbs_main.c | 3 - drivers/rapidio/devices/rio_mport_cdev.c | 18 +- drivers/s390/char/sclp_cmd.c | 2 +- drivers/vfio/pci/vfio_pci.c | 38 ++- drivers/virtio/virtio_mem.c | 3 +- drivers/xen/balloon.c | 2 +- fs/autofs/dev-ioctl.c | 8 +- fs/binfmt_elf.c | 263 ++++-------------- fs/binfmt_elf_fdpic.c | 162 ++--------- fs/configfs/dir.c | 2 +- fs/configfs/file.c | 2 +- fs/coredump.c | 236 +++++++++++++++- fs/ext4/verity.c | 4 +- fs/f2fs/verity.c | 4 +- fs/inode.c | 2 + fs/nilfs2/bmap.c | 2 +- fs/nilfs2/cpfile.c | 6 +- fs/nilfs2/page.c | 1 - fs/nilfs2/sufile.c | 4 +- fs/proc/task_mmu.c | 18 -- fs/ramfs/file-nommu.c | 2 +- fs/romfs/super.c | 1 + fs/userfaultfd.c | 28 +- include/linux/bitops.h | 13 +- include/linux/blkdev.h | 1 + include/linux/bvec.h | 6 +- include/linux/coredump.h | 11 + include/linux/fault-inject-usercopy.h | 22 ++ include/linux/fs.h | 28 +- include/linux/idr.h | 13 +- include/linux/ioport.h | 11 +- include/linux/jiffies.h | 3 +- include/linux/kernel.h | 150 +---------- include/linux/list.h | 29 +- include/linux/memory_hotplug.h | 42 +-- include/linux/minmax.h | 153 +++++++++++ include/linux/mm.h | 5 +- include/linux/mmzone.h | 17 +- include/linux/node.h | 16 +- include/linux/nodemask.h | 2 +- include/linux/page-flags.h | 6 +- include/linux/page_owner.h | 6 +- include/linux/pagemap.h | 107 +++++++- include/linux/sched.h | 2 +- include/linux/sched/mm.h | 25 -- include/linux/uaccess.h | 12 +- include/linux/vmstat.h | 2 +- include/linux/xarray.h | 22 ++ include/ras/ras_event.h | 3 + kernel/acct.c | 10 +- kernel/cgroup/cpuset.c | 2 +- kernel/dma/direct.c | 2 +- kernel/fork.c | 4 +- kernel/futex.c | 2 +- kernel/irq/timings.c | 2 +- kernel/jump_label.c | 2 +- kernel/kcsan/encoding.h | 2 +- kernel/kexec_core.c | 2 +- kernel/kexec_file.c | 2 +- kernel/kthread.c | 2 +- kernel/livepatch/state.c | 2 +- kernel/panic.c | 12 +- kernel/pid_namespace.c | 2 +- kernel/power/snapshot.c | 2 +- kernel/range.c | 3 +- kernel/relay.c | 2 +- kernel/resource.c | 110 ++++++-- kernel/smp.c | 2 +- kernel/sys.c | 2 +- kernel/user_namespace.c | 2 +- lib/Kconfig.debug | 7 + lib/Kconfig.ubsan | 14 + lib/Makefile | 1 + lib/bitmap.c | 2 +- lib/crc32.c | 2 +- lib/decompress_bunzip2.c | 2 +- lib/dynamic_queue_limits.c | 4 +- lib/earlycpio.c | 2 +- lib/fault-inject-usercopy.c | 39 +++ lib/find_bit.c | 1 + lib/hexdump.c | 1 + lib/idr.c | 9 +- lib/iov_iter.c | 5 + lib/libcrc32c.c | 2 +- lib/math/rational.c | 2 +- lib/math/reciprocal_div.c | 1 + lib/mpi/mpi-bit.c | 2 +- lib/percpu_counter.c | 2 +- lib/radix-tree.c | 2 +- lib/scatterlist.c | 2 +- lib/strncpy_from_user.c | 3 + lib/syscall.c | 2 +- lib/test_hmm.c | 2 +- lib/test_sysctl.c | 2 +- lib/test_xarray.c | 65 +++++ lib/usercopy.c | 5 +- lib/xarray.c | 208 ++++++++++++++- mm/Kconfig | 2 +- mm/compaction.c | 6 +- mm/debug_vm_pgtable.c | 207 +++++++------- mm/filemap.c | 58 ++-- mm/gup.c | 61 +++-- mm/highmem.c | 4 +- mm/huge_memory.c | 45 ++-- mm/hwpoison-inject.c | 18 +- mm/internal.h | 27 +- mm/khugepaged.c | 2 +- mm/madvise.c | 52 +--- mm/memory-failure.c | 311 ++++++++++------------ mm/memory.c | 7 +- mm/memory_hotplug.c | 211 ++++++--------- mm/memremap.c | 3 +- mm/migrate.c | 11 +- mm/mmap.c | 7 +- mm/mmu_notifier.c | 2 +- mm/page-writeback.c | 1 + mm/page_alloc.c | 241 +++++++++++------ mm/page_isolation.c | 16 +- mm/page_owner.c | 10 +- mm/page_poison.c | 20 +- mm/page_reporting.c | 4 +- mm/readahead.c | 130 ++++----- mm/rmap.c | 10 +- mm/shmem.c | 2 +- mm/shuffle.c | 2 +- mm/slab.c | 2 +- mm/slab.h | 1 - mm/slub.c | 2 +- mm/sparse.c | 2 + mm/swap_state.c | 2 +- mm/truncate.c | 6 +- mm/util.c | 3 +- mm/vmscan.c | 5 +- mm/vmstat.c | 8 +- mm/workingset.c | 2 +- scripts/Makefile.ubsan | 10 +- scripts/checkpatch.pl | 238 ++++++++++++----- scripts/const_structs.checkpatch | 3 + scripts/gdb/linux/proc.py | 15 +- scripts/gdb/linux/tasks.py | 9 +- scripts/get_maintainer.pl | 9 +- tools/testing/selftests/exec/.gitignore | 1 + tools/testing/selftests/exec/Makefile | 9 +- tools/testing/selftests/exec/load_address.c | 68 +++++ 161 files changed, 2390 insertions(+), 1724 deletions(-) create mode 100644 include/linux/fault-inject-usercopy.h create mode 100644 include/linux/minmax.h create mode 100644 lib/fault-inject-usercopy.c create mode 100644 tools/testing/selftests/exec/load_address.c revisions tested: 16, total time: 3h18m48.176090153s (build: 1h10m50.089590629s, test: 2h6m5.893572846s) first bad commit: c4cf498dc0241fa2d758dba177634268446afb06 Merge branch 'akpm' (patches from Andrew) recipients (to): ["akpm@linux-foundation.org" "clang-built-linux@googlegroups.com" "linux-mm@kvack.org" "natechancellor@gmail.com" "ndesaulniers@google.com" "torvalds@linux-foundation.org"] recipients (cc): ["linux-kernel@vger.kernel.org"] crash: BUG: receive list entry not found for dev vcan0, id 001, mask C00007FF ------------[ cut here ]------------ BUG: receive list entry not found for dev vcan0, id 001, mask C00007FF WARNING: CPU: 1 PID: 10295 at net/can/af_can.c:547 can_rx_unregister+0x1b1/0x200 net/can/af_can.c:546 Modules linked in: CPU: 1 PID: 10295 Comm: syz-executor.5 Not tainted 5.9.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:can_rx_unregister+0x1b1/0x200 net/can/af_can.c:546 Code: 18 4c 8b 4c 24 08 48 85 db 0f 85 fb fe ff ff 8b 4c 24 10 8b 54 24 14 48 c7 c6 45 b9 7b 84 48 c7 c7 08 62 79 84 e8 21 4b 3f 00 <0f> 0b 4c 89 e7 e8 95 e9 55 00 e9 75 fe ff ff 8b 4c 24 10 8b 54 24 RSP: 0018:ffffc90002f2fd78 EFLAGS: 00010286 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000202 RDX: 0000000000000202 RSI: ffffffff84716036 RDI: 00000000ffffffff RBP: ffff888113f90000 R08: 0000000000000001 R09: 0000000000000001 R10: 0000000000000001 R11: ffffc90002f2fb98 R12: ffff88810f557188 R13: ffff88810c866420 R14: ffff888113f90c00 R15: 0000000000000000 FS: 000000000227f940(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005618521c9e28 CR3: 000000011f0bf000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: isotp_notifier+0xd4/0x100 net/can/isotp.c:1301 call_netdevice_notifier net/core/dev.c:1734 [inline] call_netdevice_unregister_notifiers+0x76/0xa0 net/core/dev.c:1762 call_netdevice_unregister_net_notifiers net/core/dev.c:1790 [inline] unregister_netdevice_notifier+0x6a/0xb0 net/core/dev.c:1869 isotp_release+0x5a/0x1f0 net/can/isotp.c:1009 __sock_release+0x32/0xa0 net/socket.c:596 sock_close+0xf/0x20 net/socket.c:1277 __fput+0xaa/0x250 fs/file_table.c:281 task_work_run+0x68/0xb0 kernel/task_work.c:141 tracehook_notify_resume include/linux/tracehook.h:188 [inline] exit_to_user_mode_loop kernel/entry/common.c:165 [inline] exit_to_user_mode_prepare+0x1d3/0x1e0 kernel/entry/common.c:192 syscall_exit_to_user_mode+0x38/0x260 kernel/entry/common.c:267 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x417811 Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 a4 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 RSP: 002b:00007ffd57e5ccc0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000417811 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000004 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: 00007ffd57e5cda0 R11: 0000000000000293 R12: 000000000118c9a0 R13: 000000000118c9a0 R14: 00000000000003e8 R15: 000000000118bf2c