bisecting cause commit starting from bef7b2a7be28638770972ab2709adf11d601c11a
building syzkaller on 5ed396e666c7826bed46f06c4db1409376691fed
testing commit bef7b2a7be28638770972ab2709adf11d601c11a with gcc (GCC) 8.1.0
kernel signature: 8e52b7ee2328b8d9ba89f1d78c1199927a2b16d7ecdaca666cf0e989e815d446
all runs: crashed: KASAN: slab-out-of-bounds Read in __kvm_map_gfn
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0
kernel signature: d8719dbea4170df96f9146a0d43ac8535d38ae135bdf265f6db145f54c0c08fc
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: boot failed: can't ssh into the instance
# git bisect start bef7b2a7be28638770972ab2709adf11d601c11a 7111951b8d4973bda27ff663f2cf18b663d15b48
Bisecting: 3821 revisions left to test after this (roughly 12 steps)
[29d9f30d4ce6c7a38745a54a8cddface10013490] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
testing commit 29d9f30d4ce6c7a38745a54a8cddface10013490 with gcc (GCC) 8.1.0
kernel signature: 9c5ab3205afcd51329fcba0bcffae2ca041d3c36f17f457de74970b9ac59e26a
all runs: OK
# git bisect good 29d9f30d4ce6c7a38745a54a8cddface10013490
Bisecting: 1948 revisions left to test after this (roughly 11 steps)
[50a5de895dbe5df947b3a695777db5b2c313e065] Merge tag 'for-linus-hmm' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
testing commit 50a5de895dbe5df947b3a695777db5b2c313e065 with gcc (GCC) 8.1.0
kernel signature: bc1f5caa75612cd3b95e718c6eaf158b6e91248057872ccce5cf982747fd5ddf
run #0: crashed: KASAN: vmalloc-out-of-bounds Read in srcu_invoke_callbacks
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 50a5de895dbe5df947b3a695777db5b2c313e065
Bisecting: 917 revisions left to test after this (roughly 10 steps)
[60347451ddb0646c1a9cc5b9581e5bcf648ad1aa] Merge tag 'drm-misc-next-2020-02-27' of git://anongit.freedesktop.org/drm/drm-misc into drm-next
testing commit 60347451ddb0646c1a9cc5b9581e5bcf648ad1aa with gcc (GCC) 8.1.0
kernel signature: 60dfb6d23b4cf54e9e704fce9ee7844e106d6df6d107637817c21111213e8e09
all runs: OK
# git bisect good 60347451ddb0646c1a9cc5b9581e5bcf648ad1aa
Bisecting: 454 revisions left to test after this (roughly 9 steps)
[d5152d359505407ff648954b068fc912978f306b] Merge tag 'drm-misc-next-2020-03-17' of git://anongit.freedesktop.org/drm/drm-misc into drm-next
testing commit d5152d359505407ff648954b068fc912978f306b with gcc (GCC) 8.1.0
kernel signature: 3264b9188a0ddfa900ce27fa5515285fb1b419f8e77590e5c51f42decbf8e751
all runs: OK
# git bisect good d5152d359505407ff648954b068fc912978f306b
Bisecting: 243 revisions left to test after this (roughly 8 steps)
[4646de87d32526ee87b46c2e0130413367fb5362] Merge tag 'mailbox-v5.7' of git://git.linaro.org/landing-teams/working/fujitsu/integration
testing commit 4646de87d32526ee87b46c2e0130413367fb5362 with gcc (GCC) 8.1.0
kernel signature: 243507e828dcde92ff4726b32a7bdba481d793966891958d0109c362b83dcdb6
all runs: OK
# git bisect good 4646de87d32526ee87b46c2e0130413367fb5362
Bisecting: 126 revisions left to test after this (roughly 7 steps)
[c0ca5437c5098f70af51974e9e790260c18582a0] Merge tag 'amd-drm-next-5.7-2020-03-26' of git://people.freedesktop.org/~agd5f/linux into drm-next
testing commit c0ca5437c5098f70af51974e9e790260c18582a0 with gcc (GCC) 8.1.0
kernel signature: b182a703395d0ec9fc9a09252fa978354754f1dcdf4d1ccc9e038927de891490
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: boot failed: can't ssh into the instance
# git bisect good c0ca5437c5098f70af51974e9e790260c18582a0
Bisecting: 72 revisions left to test after this (roughly 6 steps)
[ffc1c20c46f74e24c3f03147688b4af6e429654a] Merge tag 'for-5.7/dm-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
testing commit ffc1c20c46f74e24c3f03147688b4af6e429654a with gcc (GCC) 8.1.0
kernel signature: 31aed877303f157df38dba57626c333f4cdf07c4c1fdc6934a07267d04846758
all runs: OK
# git bisect good ffc1c20c46f74e24c3f03147688b4af6e429654a
Bisecting: 33 revisions left to test after this (roughly 5 steps)
[668f1e9267415153e30bea03828c0530874e92e4] Merge tag 'linux-kselftest-kunit-5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
testing commit 668f1e9267415153e30bea03828c0530874e92e4 with gcc (GCC) 8.1.0
kernel signature: 71086d2cbe7edf716cb3bd15c78c1312f00c4cec0f8a86c2767adfd7c51c6725
all runs: OK
# git bisect good 668f1e9267415153e30bea03828c0530874e92e4
Bisecting: 16 revisions left to test after this (roughly 4 steps)
[08ddddda667b3b7aaac10641418283f78118c5cd] mm/hmm: check the device private page owner in hmm_range_fault()
testing commit 08ddddda667b3b7aaac10641418283f78118c5cd with gcc (GCC) 8.1.0
kernel signature: 6f25235944af9bb7517da93ae2059e28a5be0f8ec1cf80c67a2c6b361e31f8aa
all runs: OK
# git bisect good 08ddddda667b3b7aaac10641418283f78118c5cd
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[bd5d3587b218d33d70a835582dfe1d8f8498e702] mm/hmm: return error for non-vma snapshots
testing commit bd5d3587b218d33d70a835582dfe1d8f8498e702 with gcc (GCC) 8.1.0
kernel signature: 56fc689d2e14380bacbb34fc410d1e5197ef9ae5d6d47c9afcd81140392a8387
all runs: OK
# git bisect good bd5d3587b218d33d70a835582dfe1d8f8498e702
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[3a00e7c47c382b30524e78b36ab047c16b8fcfef] ida: remove abandoned macros
testing commit 3a00e7c47c382b30524e78b36ab047c16b8fcfef with gcc (GCC) 8.1.0
kernel signature: c5fc20c45465844eb88efe328ff7946ab800500d58889839dbddf8dc835d21c3
run #0: crashed: KASAN: vmalloc-out-of-bounds Read in srcu_invoke_callbacks
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 3a00e7c47c382b30524e78b36ab047c16b8fcfef
Bisecting: 1 revision left to test after this (roughly 1 step)
[c36d451ad386b34f452fc3c8621ff14b9eaa31a6] XArray: Fix xas_pause for large multi-index entries
testing commit c36d451ad386b34f452fc3c8621ff14b9eaa31a6 with gcc (GCC) 8.1.0
kernel signature: a95f936d708d7d88c065dd2a60c94e738710d60f828e98d673bccd1b456b87ac
all runs: OK
# git bisect good c36d451ad386b34f452fc3c8621ff14b9eaa31a6
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[24a448b165253b6f2ab1e0bcdba9a733007681d6] XArray: Fix incorrect comment in header file
testing commit 24a448b165253b6f2ab1e0bcdba9a733007681d6 with gcc (GCC) 8.1.0
kernel signature: cca09bbccede2af150ba6760a28de0805e4a6638ae6e4947e4e3df2e7fc0b419
all runs: OK
# git bisect good 24a448b165253b6f2ab1e0bcdba9a733007681d6
3a00e7c47c382b30524e78b36ab047c16b8fcfef is the first bad commit
commit 3a00e7c47c382b30524e78b36ab047c16b8fcfef
Author: Alex Shi
Date:   Tue Jan 21 16:34:05 2020 +0800

    ida: remove abandoned macros

    3 IDA_ started macros aren't used from commit f32f004cddf8 ("ida: Convert to XArray"). so better to remove them.

    Signed-off-by: Alex Shi
    Signed-off-by: Matthew Wilcox (Oracle)

 lib/radix-tree.c | 8 --------
 1 file changed, 8 deletions(-)

culprit signature: c5fc20c45465844eb88efe328ff7946ab800500d58889839dbddf8dc835d21c3
parent signature: cca09bbccede2af150ba6760a28de0805e4a6638ae6e4947e4e3df2e7fc0b419
revisions tested: 15, total time: 3h54m3.893664475s (build: 1h26m39.826802062s, test: 2h26m18.273564234s)
first bad commit: 3a00e7c47c382b30524e78b36ab047c16b8fcfef ida: remove abandoned macros
cc: ["alex.shi@linux.alibaba.com" "armijn@tjaldur.nl" "gregkh@linuxfoundation.org" "linux-kernel@vger.kernel.org" "rfontana@redhat.com" "tglx@linutronix.de" "willy@infradead.org"]
crash: KASAN: vmalloc-out-of-bounds Read in srcu_invoke_callbacks
==================================================================
BUG: KASAN: vmalloc-out-of-bounds in __read_once_size include/linux/compiler.h:199 [inline]
BUG: KASAN: vmalloc-out-of-bounds in rcu_seq_current kernel/rcu/rcu.h:99 [inline]
BUG: KASAN: vmalloc-out-of-bounds in srcu_invoke_callbacks+0x30c/0x330 kernel/rcu/srcutree.c:1169
Read of size 8 at addr ffffc90003a86c78 by task kworker/0:34/2993

CPU: 0 PID: 2993 Comm: kworker/0:34 Not tainted 5.5.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: rcu_gp srcu_invoke_callbacks
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x128/0x182 lib/dump_stack.c:118
 print_address_description.constprop.8.cold.10+0x56/0x317 mm/kasan/report.c:374
 __kasan_report.cold.11+0x1c/0x37 mm/kasan/report.c:506
 kasan_report+0xe/0x20 mm/kasan/common.c:639
 __read_once_size include/linux/compiler.h:199 [inline]
 rcu_seq_current kernel/rcu/rcu.h:99 [inline]
 srcu_invoke_callbacks+0x30c/0x330 kernel/rcu/srcutree.c:1169
 process_one_work+0x8d1/0x15b0 kernel/workqueue.c:2264
 worker_thread+0x82/0xb50 kernel/workqueue.c:2410
 kthread+0x31d/0x3e0 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352

Memory state around the buggy address:
 ffffc90003a86b00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
 ffffc90003a86b80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
>ffffc90003a86c00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
                                                                ^
 ffffc90003a86c80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
 ffffc90003a86d00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
==================================================================