bisecting cause commit starting from a9e26cb5f2615cd638f911ea96d4fff5b4d93690 building syzkaller on c090b4da255257841173fb4eb18c19d69b293180 testing commit a9e26cb5f2615cd638f911ea96d4fff5b4d93690 with gcc (GCC) 8.1.0 kernel signature: 92a38665aec38e5310ae8d24322b25579e2c7c12ea0e391081ba0b39f6db0dfa all runs: crashed: UBSAN: shift-out-of-bounds in cbq_dequeue testing release v5.9 testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 8.1.0 kernel signature: 0a239a63f936e094afcdc973a4a1640a49766a3338df273434ed919c9d53b108 all runs: crashed: UBSAN: shift-out-of-bounds in cbq_dequeue testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0 kernel signature: 43a299fc537e8c714d4f291e0dd750ca62379f64f4e403b6386c91532496a188 all runs: crashed: UBSAN: shift-out-of-bounds in cbq_dequeue testing release v5.7 testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0 kernel signature: 9d59fff760a571f9aef85675458244dad39af3409ec46744bf8b4640c1f90dc9 all runs: crashed: UBSAN: shift-out-of-bounds in cbq_dequeue testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0 kernel signature: 5a651a957f7b2d0a6c6a5e0d01901f2c562ec4a7117c85fb3ead69e0c7d7e9d0 all runs: crashed: UBSAN: undefined-behaviour in cbq_dequeue testing release v5.5 testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0 kernel signature: 45db3359cea7d227a48aa67f77f64e309fe5579e273b03525727363462e79b2e all runs: crashed: UBSAN: undefined-behaviour in cbq_dequeue testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0 kernel signature: 8c05250c5f3378271bc4a038b521dee136b4ac7982c41a849b91d0eb16099fa4 all runs: crashed: UBSAN: undefined-behaviour in cbq_dequeue testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 kernel signature: 20ba57603f6377c5e073ce6a66b762e7782253146a352daa80104ec2b5a98d86 all runs: crashed: UBSAN: undefined-behaviour in cbq_dequeue testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 kernel signature: 671d4b1d247e018930d04001b74feca42e2262a7ea06aaa729f3b7bbc46790d8 all runs: OK # git bisect start 4d856f72c10ecb060868ed10ff1b1453943fc6c8 0ecfebd2b52404ae0c54a878c872bb93363ada36 Bisecting: 7848 revisions left to test after this (roughly 13 steps) [43c95d3694cc448fdf50bd53b7ff3a5bb4655883] Merge tag 'pinctrl-v5.3-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl testing commit 43c95d3694cc448fdf50bd53b7ff3a5bb4655883 with gcc (GCC) 8.1.0 kernel signature: 1fa48a1d331e76f77ab8c7b908b754a2ec4120e98ae55ebb13cdc6a25a55a834 all runs: OK # git bisect good 43c95d3694cc448fdf50bd53b7ff3a5bb4655883 Bisecting: 3922 revisions left to test after this (roughly 12 steps) [0e2a5b5bd9a6aaec85df347dd71432a1d2d10763] Merge branch 'parisc-5.3-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux testing commit 0e2a5b5bd9a6aaec85df347dd71432a1d2d10763 with gcc (GCC) 8.1.0 kernel signature: 7de33c1c225a10aa3844eb58a4cbb476e5bb68e1c858357eb8b766973746a566 all runs: OK # git bisect good 0e2a5b5bd9a6aaec85df347dd71432a1d2d10763 Bisecting: 1961 revisions left to test after this (roughly 11 steps) [12a6d2940b5f02b4b9f71ce098e3bb02bc24a9ea] perf record: Fix module size on s390 testing commit 12a6d2940b5f02b4b9f71ce098e3bb02bc24a9ea with gcc (GCC) 8.1.0 kernel signature: 71359ffa06d1eff8b0f09570522aa494f7c78683b1f14a898febcc641236b955 all runs: OK # git bisect good 12a6d2940b5f02b4b9f71ce098e3bb02bc24a9ea Bisecting: 984 revisions left to test after this (roughly 10 steps) [85d8d3b172eb37b23dcdbe9fa7a85e343642bfea] Merge tag 'hyperv-fixes-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux testing commit 85d8d3b172eb37b23dcdbe9fa7a85e343642bfea with gcc (GCC) 8.1.0 kernel signature: 8d46389f3ea340b80df42ae8716f8021cf535dd28832e5c1ab38730132f5ceaf all runs: OK # git bisect good 85d8d3b172eb37b23dcdbe9fa7a85e343642bfea Bisecting: 496 revisions left to test after this (roughly 9 steps) [6525771f58cbc6ab97b5cff9069865cde8283346] Merge tag 'arc-5.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc testing commit 6525771f58cbc6ab97b5cff9069865cde8283346 with gcc (GCC) 8.1.0 kernel signature: a1252c84657efff60a0183187022cd7c77751b082283ead1715c2c1dcd703e0f all runs: OK # git bisect good 6525771f58cbc6ab97b5cff9069865cde8283346 Bisecting: 251 revisions left to test after this (roughly 8 steps) [345464fb760d1b772e891538b498e111c588b692] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit 345464fb760d1b772e891538b498e111c588b692 with gcc (GCC) 8.1.0 kernel signature: fce5439189a5ed25bb69a4915fcb1c7210b70475a605a97be1f2150213be546d all runs: OK # git bisect good 345464fb760d1b772e891538b498e111c588b692 Bisecting: 126 revisions left to test after this (roughly 7 steps) [840ce8f8073edb3ff3d2c2c7a6ef211f4176961c] Merge tag 'pinctrl-v5.3-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl testing commit 840ce8f8073edb3ff3d2c2c7a6ef211f4176961c with gcc (GCC) 8.1.0 kernel signature: 84d3e346b4aa70afe93514fd532b33554ad4bc47cfbae24b445930156b72f726 all runs: OK # git bisect good 840ce8f8073edb3ff3d2c2c7a6ef211f4176961c Bisecting: 63 revisions left to test after this (roughly 6 steps) [c3dc1fa72249e4472b90ecef4dbafe25f0f07889] net: hns3: fix spelling mistake "undeflow" -> "underflow" testing commit c3dc1fa72249e4472b90ecef4dbafe25f0f07889 with gcc (GCC) 8.1.0 kernel signature: fdf50ac52c103418455d0e76508cdc1c6890c2f6a6d848c8f2531d917ed4dd1c all runs: OK # git bisect good c3dc1fa72249e4472b90ecef4dbafe25f0f07889 Bisecting: 30 revisions left to test after this (roughly 5 steps) [1c4c5e2528af0c803fb1171632074f4070229a75] Merge tag 'mmc-v5.3-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc testing commit 1c4c5e2528af0c803fb1171632074f4070229a75 with gcc (GCC) 8.1.0 kernel signature: 1f42d483ae6f51d937221b325279e1905dea0d312725385536c4bcece8695089 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: crashed: general protection fault in batadv_iv_ogm_queue_add run #6: OK run #7: OK run #8: OK run #9: OK reproducer seems to be flaky # git bisect bad 1c4c5e2528af0c803fb1171632074f4070229a75 Bisecting: 15 revisions left to test after this (roughly 4 steps) [1b304a1ae45de4df7d773f0a39d1100aabca615b] Merge tag 'for-5.3-rc8-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux testing commit 1b304a1ae45de4df7d773f0a39d1100aabca615b with gcc (GCC) 8.1.0 kernel signature: f2902cb08a1661e4a92e2ed9e3c3665a8be24f9e5bcc7fc2b92b37e5cee59744 all runs: OK # git bisect good 1b304a1ae45de4df7d773f0a39d1100aabca615b Bisecting: 9 revisions left to test after this (roughly 3 steps) [e6bb711600db23eef2fa0c16a2d361e17b45bb28] Merge tag 'drm-misc-fixes-2019-09-12' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes testing commit e6bb711600db23eef2fa0c16a2d361e17b45bb28 with gcc (GCC) 8.1.0 kernel signature: e42e5c48fe7389fcaa7e2324d9ade20bd1dc6fed25a0fe56842f7b8bd25c96a7 all runs: OK # git bisect good e6bb711600db23eef2fa0c16a2d361e17b45bb28 Bisecting: 4 revisions left to test after this (roughly 2 steps) [87b5d602a1cc76169b8d81ec2c74c8d95d9350dc] mmc: tmio: Fixup runtime PM management during remove testing commit 87b5d602a1cc76169b8d81ec2c74c8d95d9350dc with gcc (GCC) 8.1.0 kernel signature: e42e5c48fe7389fcaa7e2324d9ade20bd1dc6fed25a0fe56842f7b8bd25c96a7 all runs: OK # git bisect good 87b5d602a1cc76169b8d81ec2c74c8d95d9350dc Bisecting: 2 revisions left to test after this (roughly 1 step) [97a61369830ab085df5aed0ff9256f35b07d425a] cgroup: freezer: fix frozen state inheritance testing commit 97a61369830ab085df5aed0ff9256f35b07d425a with gcc (GCC) 8.1.0 kernel signature: 1a90b24d08993b87c8e2b25d67b17e8caf89d90a0b23964c5bfd4ac5eebae63f all runs: OK # git bisect good 97a61369830ab085df5aed0ff9256f35b07d425a Bisecting: 0 revisions left to test after this (roughly 1 step) [592b8d8759ceb7086e1683e1796c7110e6c2ae8f] Merge tag 'drm-fixes-2019-09-13' of git://anongit.freedesktop.org/drm/drm testing commit 592b8d8759ceb7086e1683e1796c7110e6c2ae8f with gcc (GCC) 8.1.0 kernel signature: 1f42d483ae6f51d937221b325279e1905dea0d312725385536c4bcece8695089 all runs: OK # git bisect good 592b8d8759ceb7086e1683e1796c7110e6c2ae8f 1c4c5e2528af0c803fb1171632074f4070229a75 is the first bad commit commit 1c4c5e2528af0c803fb1171632074f4070229a75 Merge: 592b8d8759ce 87b5d602a1cc Author: Linus Torvalds Date: Sat Sep 14 12:08:19 2019 -0700 Merge tag 'mmc-v5.3-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc Pull MMC fixes from Ulf Hansson: - tmio: Fixup runtime PM management during probe and remove - sdhci-pci-o2micro: Fix eMMC initialization for an AMD SoC - bcm2835: Prevent lockups when terminating work * tag 'mmc-v5.3-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: mmc: tmio: Fixup runtime PM management during remove mmc: tmio: Fixup runtime PM management during probe Revert "mmc: tmio: move runtime PM enablement to the driver implementations" Revert "mmc: sdhci: Remove unneeded quirk2 flag of O2 SD host controller" Revert "mmc: bcm2835: Terminate timeout work synchronously" drivers/mmc/host/bcm2835.c | 2 +- drivers/mmc/host/renesas_sdhi_core.c | 6 ------ drivers/mmc/host/sdhci-pci-o2micro.c | 2 +- drivers/mmc/host/tmio_mmc.c | 5 ----- drivers/mmc/host/tmio_mmc.h | 1 + drivers/mmc/host/tmio_mmc_core.c | 27 ++++++++++++++------------- drivers/mmc/host/uniphier-sd.c | 3 --- 7 files changed, 17 insertions(+), 29 deletions(-) Reproducer flagged being flaky revisions tested: 23, total time: 4h56m44.720341446s (build: 2h5m21.775172726s, test: 2h48m44.492943626s) first bad commit: 1c4c5e2528af0c803fb1171632074f4070229a75 Merge tag 'mmc-v5.3-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc recipients (to): ["torvalds@linux-foundation.org"] recipients (cc): [] crash: general protection fault in batadv_iv_ogm_queue_add kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 21 Comm: kworker/u4:1 Not tainted 5.3.0-rc8-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet RIP: 0010:batadv_iv_ogm_queue_add+0x9b/0xe50 net/batman-adv/bat_iv_ogm.c:605 Code: 44 89 8d 64 ff ff ff c7 02 f1 f1 f1 f1 c7 42 04 04 f2 f2 f2 48 89 fa 65 48 8b 0c 25 28 00 00 00 48 89 4d d0 31 c9 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 99 0b 00 00 RSP: 0018:ffff8880b50d7aa8 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: ffff8880a4e14d40 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: ffff8880b50d7bc0 R08: ffff8880a1e2d900 R09: 0000000000000001 R10: ffffed1016a1af8c R11: 0000000000000003 R12: ffff8880a1e2d900 R13: dffffc0000000000 R14: ffffed10143c5b2e R15: 000000000000003c FS: 0000000000000000(0000) GS:ffff8880ba200000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055e9deb5b150 CR3: 00000000a1be1000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: batadv_iv_ogm_schedule+0xb47/0xe80 net/batman-adv/bat_iv_ogm.c:813 batadv_iv_send_outstanding_bat_ogm_packet+0x570/0x7d0 net/batman-adv/bat_iv_ogm.c:1675 process_one_work+0x7d2/0x1560 kernel/workqueue.c:2269 worker_thread+0x85/0xb60 kernel/workqueue.c:2415 kthread+0x331/0x3f0 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 Modules linked in: ---[ end trace f5c3a6f144e6ee6a ]--- RIP: 0010:batadv_iv_ogm_queue_add+0x9b/0xe50 net/batman-adv/bat_iv_ogm.c:605 Code: 44 89 8d 64 ff ff ff c7 02 f1 f1 f1 f1 c7 42 04 04 f2 f2 f2 48 89 fa 65 48 8b 0c 25 28 00 00 00 48 89 4d d0 31 c9 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 99 0b 00 00 RSP: 0018:ffff8880b50d7aa8 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: ffff8880a4e14d40 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: ffff8880b50d7bc0 R08: ffff8880a1e2d900 R09: 0000000000000001 R10: ffffed1016a1af8c R11: 0000000000000003 R12: ffff8880a1e2d900 R13: dffffc0000000000 R14: ffffed10143c5b2e R15: 000000000000003c FS: 0000000000000000(0000) GS:ffff8880ba200000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055e9deb5b150 CR3: 00000000a1be1000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400